/irc-logs / freenode / #whatwg / 2007-10-04 / end

Options:

# Session Start: Thu Oct 04 00:00:00 2007
# Session Ident: #whatwg
# [00:00] <Hixie> the user is already logged in
# [00:00] <Hixie> i don't understand what you mean
# [00:00] <Hixie> cookies had better be sent to the server, how else can we do user authentication?
# [00:01] <annevk> I think that's prevented, but maybe the only prevention is about reading those cookies in the response
# [00:01] <Hixie> i hope so
# [00:01] <Hixie> otherwise i have a whole bunch more comments to send :-)
# [00:01] * annevk summons sicking
# [00:02] <Hixie> the spec says cookies should work (xhr2)
# [00:02] <annevk> it also says it doesn't deal with some things yet
# [00:02] <annevk> this being one of them :)
# [00:02] <Hixie> it does deal with it, it explicitly says it should work :-)
# [00:02] <Hixie> "If the user agent supports HTTP State Management it should persist, discard and send cookies (as received in the Set-Cookie and Set-Cookie2 response headers, and sent in the Cookie header) as applicable. [RFC2965]"
# [00:03] <annevk> fair enough, though not what I meant
# [00:03] <Hixie> what did you mean then?
# [00:03] <annevk> there's a note somewhere on limiting stuff on requests
# [00:03] <annevk> issue, rather
# [00:04] <annevk> such as setted request headers
# [00:04] <annevk> and there was something about user/password too
# [00:04] <annevk> i'll e-mail jonas
# [00:04] <Hixie> you mean in addRequestHeader?
# [00:04] <annevk> set*, yes
# [00:04] <Hixie> right setRequestHeader() certainly shouldn't let cookies be set for cross-origin hosts
# [00:04] <Hixie> i'm talking about the cookies that the UA already has set
# [00:05] <Hixie> (allowing setRequestHeader() to set cookies would allow for a distributed cookie search attack)
# [00:08] <annevk> thanks, this helps clearing some stuff up
# [00:09] <Hixie> np
# [00:14] * Joins: sicking (n=chatzill@corp-241.mountainview.mozilla.com)
# [00:14] <sicking> wassup
# [00:14] <annevk> heh
# [00:15] <annevk> just e-mailed
# [00:15] * gavin_ relayed annevk's summoning
# [00:15] <annevk> cheers
# [00:15] <annevk> basically, what's the XHR2 model for non-same origin requests with respect to the user/password arguments of open() and what is with respect to cookies
# [00:15] * Joins: biesi (n=chb@85-124-21-38.dynamic.xdsl-line.inode.at)
# [00:16] * annevk wonders if gavin_ summoned the entire #developer channel
# [00:16] <gavin_> well, I relayed it publically :)
# [00:16] <sicking> annevk: we don't allow user/passwd to be specified for cross-origin requests
# [00:16] <gavin_> biesi must just be curious :)
# [00:17] <annevk> sicking, ignored or exception?
# [00:17] <sicking> annevk: why did you respond to hixie on the webapi list btw?
# [00:17] <annevk> oops
# [00:17] <sicking> annevk: leeme look
# [00:17] <sicking> lemme even
# [00:18] <biesi> gavin_, yep :)
# [00:18] * annevk resends to public-appformats
# [00:18] * Joins: csarven (n=nevrasc@modemcable130.251-202-24.mc.videotron.ca)
# [00:18] * Joins: sayrer (n=chatzill@user-1087kf0.cable.mindspring.com)
# [00:19] <Hixie> did i send it to the wrong list?
# [00:19] <annevk> don't think so
# [00:19] * Joins: dholbert (n=dholbert@corp-241.mountainview.mozilla.com)
# [00:19] <sicking> no, anne did
# [00:19] * Quits: aaronlev (n=chatzill@146-115-126-114.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com) (Read error: 110 (Connection timed out))
# [00:20] * Quits: dholbert (n=dholbert@corp-241.mountainview.mozilla.com) (Client Quit)
# [00:20] * Hixie has now defined the syntax of manifests, btw (http://www.whatwg.org/specs/web-apps/current-work/#manifests)
# [00:21] * annevk loads
# [00:21] <annevk> "Note: This is a willful double violation of RFC2046."
# [00:21] <annevk> heh
# [00:21] <kingryan> two wrongs make a right?
# [00:21] <annevk> Hixie, is the UTF-8 thingie a violation too? Where is that stated?
# [00:21] <Hixie> *mumble* stupid rfc
# [00:22] <annevk> it's from 1996...
# [00:22] <Hixie> annevk: RFC2046 requires the default to be us-ascii (HTTP changes it to ISO-8859-1) and RFC2046 requires newlines to be CRLF (HTTP changes that to CR, LF, or CRLF)
# [00:22] <Hixie> (but HTTP requires that they be consistent throughout the file)
# [00:22] <annevk> so per HTTP you violate only a single rule
# [00:22] <Hixie> (html5 changes it to UTF-8 and CR|LF|CRLF)
# [00:23] <annevk> oh wait
# [00:23] <annevk> you changed the sole LF requirement
# [00:23] <annevk> interesting
# [00:23] <Hixie> yeah otherwise windows users would hit me
# [00:23] <Hixie> bbiab
# [00:23] <annevk> Hixie, should it mention the UTF-8 BOM?
# [00:23] <Hixie> mtg
# [00:25] <sayrer> annevk, is the manifest format already in use somewhere?
# [00:25] <jgraham> Hixie: Is there a good reason not to allow comments on data lines?
# [00:25] <jgraham> At the end obviously
# [00:25] <annevk> sayrer, nope
# [00:26] <biesi> Hixie, HTTP specifies what the actual data must contains?
# [00:26] <annevk> sayrer, just that editors might include such a thing by default
# [00:26] <biesi> s/s\?/?/
# [00:27] * Quits: biesi (n=chb@85-124-21-38.dynamic.xdsl-line.inode.at) ("Verlassend")
# [00:27] <annevk> Hixie, you want s/<li>/<dt>/ there somewhere
# [00:28] <sayrer> [{explicit:[,,,]},{fallback:[],,]}]
# [00:28] <sayrer> would avoid parsing and encoding issues
# [00:29] * Quits: jruderman (n=jruderma@corp-241.mountainview.mozilla.com)
# [00:29] <annevk> sayrer, http://krijnhoetmer.nl/irc-logs/whatwg/20070929#l-17
# [00:31] <sayrer> oh, most JSON parsers grok comments
# [00:32] <sayrer> but yeah, it's all a bit gross
# [00:32] <Philip`> That sounds like a flaw, not a feature :-)
# [00:32] <sayrer> it's actually right there in the JSON rfc
# [00:32] <sayrer> you can accept more than is allowed
# [00:33] <annevk> fun
# [00:33] <sayrer> so lots of them deal with comments, unquoted keys, trailing commas
# [00:33] <annevk> "A JSON parser MAY accept non-JSON forms or extensions."
# [00:33] <annevk> anyone up for writing JSON5?
# [00:34] * jgraham was wondering how long that would take to be suggested
# [00:34] <Philip`> s/MAY/MUST NOT/ and then the world will be a happier place
# [00:34] <jgraham> JSON5 = JSON + comments - arbitrary extendibility
# [00:35] <annevk> it's funny that JSON defaults to UTF-8 and wants to be a subset of JavaScript; but maybe I'm just being to anal
# [00:35] <kingryan> jgraham: http://krijnhoetmer.nl/irc-logs/whatwg/20070929#l-53
# [00:36] <annevk> oh fun, it even allows UTF-32
# [00:36] <annevk> hsivonen will be pleased
# [00:37] * Joins: jruderman (n=jruderma@corp-241.mountainview.mozilla.com)
# [00:38] <sayrer> anyway, I'm now convinced there is no good choice
# [00:39] <annevk> "Whenever I'm caught between two evils, I take the one I've never tried."
# [00:41] <annevk> sicking, found out whether you guys throw or not?
# [00:41] <sicking> looking
# [00:42] <sicking> sorry, got sidetracked
# [00:42] <Hixie> annevk: hm, BOM, good point.
# [00:42] <Hixie> jgraham: not especially, other than making parsing easier. do you think it should support that?
# [00:43] <sicking> annevk: we throw if you specify a cross-origin uri and user/pass
# [00:44] <annevk> sicking, what's the reason it's not allowed, might be useful for security section
# [00:44] <sicking> annevk: on a redirect we'll fire an error-event
# [00:44] <jgraham> Hixie: it seems like a low cost thing that people might find useful and will probably expect to work
# [00:44] <sicking> annevk: otherwise it would be easy to do distributed brute-force hacking of an account
# [00:44] <sicking> annevk: for some definition of "easy" :)
# [00:45] <Hixie> sayrer: yeah the problem with JSON is that it doesn't have well defined error handling
# [00:45] <annevk> k, but if the user is already logged in you have access I assume?
# [00:45] <annevk> Hixie, I wonder if you just shouldn't allow arbitrary encodings and defualt to UTF-8 respecting charset= and all that
# [00:46] <sayrer> Hixe, might want to reconsider that comment character if you allow it on data lines
# [00:46] <sicking> annevk: basically i could set up a page and everyone that visited that page would take part in a distributed dictionary attack
# [00:46] <Hixie> jgraham: fair enough
# [00:46] <sayrer> since you know people will end up with fragment identifiers in these things
# [00:47] <sicking> annevk: yeah, if the user is logged in already it should work
# [00:47] <Hixie> annevk: i'd really rather not bring in all the legacy encodings into this
# [00:47] <annevk> sicking, k, what about cookies?
# [00:47] <sicking> annevk: over the network they are sent as per usual
# [00:47] <annevk> Hixie, given everything else that's required for the feature it seems low-cost, but fair enough
# [00:47] * Hixie notes that was sicking just described is exactly what Hixie described earlier as the problem with sending cookies -- it's the same issue
# [00:47] <sicking> annevk: but accessing document.cookies on the returned document fails
# [00:48] <sicking> Hixie: how so?
# [00:48] <Hixie> annevk: encodings are a near-infinite pit of doom, in my experience
# [00:48] <Hixie> sicking: (i was agreeing with you)
# [00:48] <sicking> Hixie: ah
# [00:48] <Hixie> sicking: i was saying that setRequestHeader() shouldn't allow Set-Cookie because it would enable a distributed brute-force cookie search
# [00:48] <sicking> Hixie: well, iirc i'm agreeing with you. i think the idea came from you at the xxx security review here at moco
# [00:48] <Hixie> heh
# [00:48] <Hixie> figures :-)
# [00:49] * Hixie hopes he isn't the only person to have come up with security problems with xhr :-P
# [00:49] <Hixie> cos i'm by far not a security expert!
# [00:50] <sicking> annevk: we basically do this: http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012
# [00:51] <annevk> oh, if you guys implement the XMLHttpRequest-Security-Check header that can simply be renamed to If-Method-Allowed...
# [00:52] <annevk> but I think you didn't
# [00:52] <Hixie> where does If-Method-Allowed come from?
# [00:52] <annevk> generic name for XHR-Security-Check
# [00:52] <Hixie> oh it's invented as well?
# [00:53] <annevk> yes
# [00:53] <annevk> i have tried to clarify this by making up some EBNF in the spec...
# [00:54] <Hixie> k
# [00:54] <Hixie> it sounds nice and official
# [00:54] <annevk> good
# [00:55] <othermaciej> that does sound like a good name
# [00:55] * Quits: tndH (i=Rob@adsl-87-102-67-202.karoo.KCOM.COM) ("ChatZilla 0.9.78.1-rdmsoft [XULRunner 1.8.0.9/2006120508]")
# [00:56] <Hixie> it doesn't really follow the semantics of the other If-XXX headers though
# [00:57] <annevk> If-Allow-Method maybe?
# [00:57] <annevk> or just If-Allow...
# [00:57] <Hixie> the If-XXX headers have the semantic "do what i say if the condition matches, else return 412"
# [00:58] <othermaciej> what would If-Method-Allowed do if the method is not allowed?
# [00:59] <annevk> it does nothing, it just lets the author of the server inspect what the user agent intends to do
# [00:59] <Hixie> the question is more what it would do if the method _was_ allowed
# [00:59] <Hixie> well
# [00:59] <annevk> the author replies with Allow:GET,HEAD,FOOBAR
# [01:00] <Hixie> right which isn't the same semantic as the other If-XXX headers
# [01:00] * Quits: othermaciej (n=mjs@17.255.97.100)
# [01:00] <annevk> afaict it's not implemented so renaming is certainly possible
# [01:01] <Hixie> maybe Is-Method-Allowed?
# [01:01] <Hixie> or Query-Is-Method-Allowed?
# [01:01] <Hixie> (assuming you don't want XMLHttpRequest-Security-Check, which i think has the advantage of being very clear as to its purpose :-) )
# [01:01] * Hixie doesn't really mind what it's called
# [01:01] <annevk> Method-Security-Check
# [01:02] <annevk> or just Method-Check
# [01:02] <annevk> Referer-Root doesn't have Security in it either
# [01:02] <Hixie> if we do have a more generic name, though, we should define its processing semantics even when not in the context of xhr
# [01:02] <Hixie> it was more the "XMLHttpRequest" part I was referring to
# [01:03] <Hixie> Referer-Root doesn't have any processing semantics other than letting the server know what's going on, which makes it easy to make generic
# [01:03] <Hixie> (and it's only useful when Referer: isn't set anyway)
# [01:03] <annevk> same goes for Method-Check, no?
# [01:03] <Hixie> no, Method-Check has a very specific set of requirements to do with what the server responds with
# [01:03] <Hixie> e.g. as you said earlier, the Allow: thing
# [01:04] <annevk> seems more like requirements on the Allow:, not on Method-Check
# [01:04] <Hixie> ?
# [01:04] <annevk> Allow or absense thereof*
# [01:04] <Hixie> Allow: is what it sends in response to Method-Check
# [01:05] <Hixie> thus the requirement is on Method-Check
# [01:05] <annevk> you mean it follows from the request that includes Method-Check?
# [01:06] <Hixie> right
# [01:06] <annevk> (btw, what do you think of jonas proposal about defaulting to the referer-root URI scheme default port?)
# [01:06] * Quits: heycam (n=cam@203-214-114-92.dyn.iinet.net.au) ("bye")
# [01:06] <sicking> i think it's an excellent suggestion
# [01:06] <sicking> cookies to whoever suggested that!
# [01:07] <annevk> :p
# [01:07] <annevk> Hixie, hmm, yeah, the current text in access-control is rather vague on Allow
# [01:07] <sicking> annevk: for example, should it be case sensitive or not?
# [01:08] <Hixie> assuming your "(btw,...)" was to me, i don't understand the question
# [01:08] <annevk> Hixie, oh, see your inbox in that case
# [01:08] <sicking> annevk: case sensitivity is tricky since methods get normalized
# [01:08] <annevk> sicking, that sounds like a bug
# [01:08] <annevk> in theory methods are case sensitive
# [01:09] * annevk ponders
# [01:09] <sicking> right, but people use "post" as well as "POST"
# [01:09] <sicking> and probably "Post" too
# [01:09] * sicking wants to use "P057"
# [01:10] <annevk> "9051"
# [01:11] * Quits: jruderman (n=jruderma@corp-241.mountainview.mozilla.com) (Read error: 104 (Connection reset by peer))
# [01:11] <annevk> sicking, in XMLHttpRequest we made a limited set of HTTP methods case-insensitive
# [01:12] <annevk> although I believe implementations differ from that
# [01:12] <annevk> maybe we should just defy the HTTP gods and make them all case insensitive US-ASCII strings...
# [01:17] <sicking> hmm.. looks like we never change the case
# [01:17] <sicking> we must be somewhere...
# [01:18] <annevk> sicking, btw, ideas non same-origin stuff for XHR1 is also appreciated, especially the last open issue with respect to data:, javascript: etc.
# [01:18] <annevk> I think that's the only thing apart from the Microsoft comment that's blocking a new draft
# [01:18] <sicking> annevk: i think data should always be allowed, and javascript never
# [01:18] <sicking> annevk: well..
# [01:19] <annevk> except after a redirect?
# [01:19] <annevk> the redirects make it annoying
# [01:19] <Hixie> you mean redirect to data: ?
# [01:19] * Quits: sayrer (n=chatzill@user-1087kf0.cable.mindspring.com) (Remote closed the connection)
# [01:20] <annevk> Hixie, yeah
# [01:20] <Hixie> you should basically abort as soon as you redirect out of the origin, as far as i can tell
# [01:20] <sicking> Hixie: why?
# [01:20] <annevk> not with XHR2
# [01:20] <Hixie> with xhr1 i mean
# [01:20] <sicking> ah
# [01:20] <sicking> yeah
# [01:20] <sicking> well
# [01:21] <sicking> i don't really care much about xhr1 there as we already support xhr2 for same-origin stuff
# [01:21] <Hixie> if example.com has a page that redirects to data: to show sensitive data, we don't want evil.invalid to redirect to the page that redirects to data:
# [01:21] <Hixie> yeah i'm just saying for anne's blocking issue
# [01:22] <annevk> for xhr2 you'd need an out-of-origin flag that gets set once you go out of origin which you check the moment you hit a data: URI
# [01:22] <annevk> i think there's such a flag already
# [01:23] <annevk> it would prolly be good to publish xhr2 too, even though it's not done yet
# [01:25] <Hixie> origin->data: should be ok
# [01:25] <Hixie> only origin->remote->data: is bad (and origin->remote is the step that makes it "bad")
# [01:25] <Hixie> origin->remote->origin is also "bad"
# [01:26] <sicking> bad meaning what?
# [01:26] <Hixie> yeah, not sure how to handle that one
# [01:26] <sicking> that you need AC checks?
# [01:27] <Hixie> doing AC checks against the origin is pointless since you're supposing that the origin is evil
# [01:27] <annevk> i think origin->remote->origin is handled by doing ac checks on origin which is kind of pointless
# [01:27] <Hixie> hm, origin->remote->origin is an interesting way of doing cross-origin xhr with UA-provided credentials today
# [01:28] <Hixie> i assume we block that at the moment
# [01:28] <Hixie> but it's unclear to me what XHR2 should do in that case
# [01:28] <sicking> no, today we bail as soon as we get the origin->remote redirect
# [01:28] <Hixie> right
# [01:28] <sicking> yeah
# [01:28] <Hixie> xhr2 should definitely mention that in the security section
# [01:28] <Hixie> not sure how to solve it though
# [01:28] * sicking ponders disabling cross-origin redirects in initial release
# [01:29] <sicking> so one way of solving it is this:
# [01:29] <annevk> there's a flag that tells you whether the initial request is same-origin or not
# [01:30] <sicking> if you have origin->site A->site B->site C redirects
# [01:30] <sicking> check all of origin, site A and site B against the AC rules
# [01:30] <Hixie> jgraham: you still there? if so, i'm not sure how to handle "http://example.com/#comment" vs "http://example.com/ #comment" in the manifest, if we use # as the comment separator
# [01:30] <sicking> and only if all pass allow the content
# [01:30] <Hixie> jgraham: for similar reasons we can't use // as the comment delimiter
# [01:31] <Hixie> so the redirects have to do what? include Access-Control: headers?
# [01:31] <annevk> what's the attack scenario btw?
# [01:32] <sicking> the redirects are normal. but the final doc would have to have AC rules allowing origin, A and B
# [01:32] <annevk> what if site C is origin though
# [01:32] <sicking> fine
# [01:32] <annevk> you're thinking of another problem
# [01:33] <Hixie> i can't really see any attack scenarios here that aren't already a problem with <img> to be honest
# [01:33] <sicking> you check AC rules for origin anyway
# [01:33] <Hixie> since the only data you get back is in the uri, and the origin has access to its own uris
# [01:33] <sicking> Hixie: how so? with <img> you can never read the actual data
# [01:33] <Hixie> there's no data to read here
# [01:33] <Hixie> i'm talking about origin->a->origin
# [01:33] <Hixie> or any case of evil->victim->evil
# [01:33] <annevk> there's data in the URI
# [01:34] <annevk> not?
# [01:34] <sicking> no, i'm thinking victim->evil->vicitm
# [01:34] <Hixie> annevk: right but you can read the uri
# [01:34] <Hixie> sicking: why would victim redirect to evil?
# [01:34] <annevk> with <img>? maybe with <iframe>
# [01:35] <Hixie> yeah, with iframe
# [01:35] <sicking> Hixie: out of curiosity, can you read the final uri of an <img> redirect?
# [01:35] <Hixie> with an <iframe> you can
# [01:35] <sicking> you can?
# [01:35] <Hixie> (on another note, why does rfc3986 have a stick figure in the diagram in section 3)
# [01:35] <sicking> you can't read iframe.contentWindow.location
# [01:35] <Hixie> sure, just read contentDocument.location
# [01:35] <Hixie> you can, it's yours
# [01:35] <sicking> nope, it's write-only
# [01:36] <sicking> iirc
# [01:36] <sicking> i should add :)
# [01:36] <Hixie> we're talking about the case where you've redirected back to yourself, right?
# [01:36] <sicking> ah, ok, in that case
# [01:36] <sicking> sorry, got side tracked
# [01:36] <Hixie> the cases when you don't redirect to yourself, we've already taken care of
# [01:36] <Hixie> as far as i can tell
# [01:36] <sicking> yeah, sorry, i was talking about something else
# [01:37] <annevk> ok, so origin->foobar->origin does not need an access check and is ok
# [01:37] <annevk> as it has the same risks that <iframe> already has
# [01:37] <annevk> fun
# [01:38] <sicking> hmm..
# [01:38] <sicking> i'm not entirely convinced
# [01:39] <Hixie> what's the attack scenario that you can't already do?
# [01:39] <sicking> but i don't have the attack scenario entierly clear
# [01:40] <sicking> why do we have a flag for has-been-crossorigin?
# [01:40] <annevk> sicking, because at some point we deemed this to be a problem
# [01:41] <annevk> and solved it wrongly
# [01:44] <annevk> (There is a flag in the current spec for initially same-origin that helps with a non same-origin redirect for non-GET requests.)
# [01:45] <annevk> sicking, btw, user/password can't be included in redirects, or do you mean as part of the URI?
# [01:47] <sicking> yeah, as part of the uri
# [01:47] <sicking> you can redirect to http://foo:bar@example.org/
# [01:48] <annevk> yup, k
# [01:48] <Hixie> blimey URIs use a lot of symbols. ok if we're to allow comments at end of lines we have to have a comment delimited that isn't one of + - . : / @ _ ~ % ! $ & ' ( ) * , ; = [ ] ? #
# [01:48] <Hixie> what does that leave
# [01:48] <annevk> Hixie, why would fragment identifiers be part of the URIs in the manifest?
# [01:48] <sicking> sol
# [01:48] <annevk> a pipe?
# [01:49] <annevk> http://test | comment
# [01:49] <sicking> hmm.. it's on my swedish keyboard, but on the US one
# [01:49] <sicking> ¤
# [01:49] <annevk> \\
# [01:49] <Hixie> annevk: i have no idea, but it would be confusing if we disallowed it since it wouldn't look disallowed
# [01:49] <Dashiva> § :)
# [01:50] <annevk> " comment
# [01:50] <annevk> { comment }
# [01:50] <sicking> ok kids, gotta profile stuff, so closing un-needed apps
# [01:50] <sicking> see ya l8er
# [01:50] * Quits: sicking (n=chatzill@corp-241.mountainview.mozilla.com) ("ChatZilla 0.9.78.1 [Firefox 2.0.0.7/2007091417]")
# [01:51] <Hixie> the punctuation we have left in ASCII is: " < > \ ^ ` { | }
# [01:51] <Hixie> we could use {...} like in pascal
# [01:52] <Philip`> Why can't the comment just require a space before it?
# [01:52] <Dashiva> An end delimiter seems annoying for end-of-line comments
# [01:53] <Hixie> Philip`: because the space doesn't look important
# [01:53] <annevk> http://example.org/test test/
# [01:53] <Hixie> that'd be a valid line in the fallback section
# [01:53] <Philip`> I mean a space before a #, so http://example.org/#test is still a single URI but http://example.org/ #test is a comment
# [01:54] <Dashiva> Seems prone to errors
# [01:54] <Philip`> unless #test might be interpreted as a relative URI
# [01:54] <annevk> Hixie, oh interesting, so %20 is required
# [01:54] <Dashiva> I'd prefer | or maybe >>
# [01:54] <Dashiva> Looks delimiter-ish
# [01:54] <Hixie> Philip`: beacuse it would mean that "http://example.org/# unimportant" was a fallback line instead of one URI with a comment, despite looking like the latter
# [01:55] <Hixie> (because "http://example.org/#" and "unimportant" are both valid URIs)
# [01:55] <kingryan> what about '*' ?
# [01:55] * Joins: heycam (n=cam@clm-laptop.infotech.monash.edu.au)
# [01:55] <Hixie> kingryan: the punctuation we have left in ASCII is: " < > \ ^ ` { | }
# [01:56] <kingryan> oh, I missed that
# [01:56] * kingryan has no idea where * is used in URLs
# [01:56] <Hixie> kingryan: me either, but there we go
# [01:56] <kingryan> " would be like VB, right?
# [01:56] <kingryan> or was that a single quote?
# [01:57] <kingryan> http://example.com/ "an example url
# [01:57] <Philip`> http://search.cpan.org/~kane/Acme-Comment/lib/Acme/Comment.pm lists some current comment syntaxes
# [01:57] * Joins: karlUshi (n=karl@dhcp-247-173.mag.keio.ac.jp)
# [01:57] <annevk> file names and such can include most of those characters btw so URIs could include them...
# [01:58] <Philip`> "Pilot: Single-line comments in the syntax \/\/ are supported." - that starts with an acceptable character
# [01:58] * Dashiva ponders HTML comments
# [01:58] <Dashiva> They start with a non-URL char
# [01:58] * annevk isn't sure whether URI legalness is cared much for and whether the current syntax should be loosened
# [01:59] <kingryan> why don't we put a special character in the 7th column, like cobol?
# [01:59] <annevk> yeah, lets introduce the insane comment parsing everywhere!
# [01:59] <Hixie> well this discussion is pretty much cementing my conclusion to avoid end-of-line comments :-P
# [02:00] <kingryan> Hixie: aren't you concerned that people will use them anyway?
# [02:00] <Philip`> We could have a table at the end of the file which lists the byte ranges in the earlier part of the file that should be interpreted as comments
# [02:00] <Hixie> kingryan: if they do, the entire line will be ignored
# [02:00] <kingryan> until some browser decides to be more liberal in their parsing :)
# [02:01] <Hixie> Philip`: if we do that, i'd want the offsets expressed relative to 12-bit words
# [02:01] <Dashiva> annevk: Well, browsers have to be able to parse them anyway :P
# [02:01] <Hixie> kingryan: since the spec will define error handling too, it'll be less likely to happen. but yes, if we get implementation feedback to the effect that we must change the rules, then that's a different matter.
# [02:02] <Dashiva> Besides, it would just be a check for  would just become part of the comment if included
# [02:03] <karlUshi> Dashiva: which might break some CMS
# [02:03] <karlUshi>
# [02:03] <Philip`> Dashiva: That sounds evil, since people would expect they could put  on separate lines surrounding a block they want to remove
# [02:03] <Dashiva> Philip`: Then they haven't used enough JS >:D
# [02:05] <Dashiva> What about a heredoc-ish thing? The manifest can define its own comment delimiter
# [02:05] * annevk -> bed
# [02:07] <Hixie> lol http://bugs.webkit.org/show_bug.cgi?id=5909#c30
# [02:07] * Joins: ozamoi (n=ozamosi@85.8.1.10.static.se.wasadata.net)
# [02:13] <Dashiva> About time they admitted it :P
# [02:19] * Joins: othermaciej (n=mjs@17.255.97.100)
# [02:19] <othermaciej> annevk, Hixie: sorry meeting
# [02:19] <othermaciej> if it just replies with what methods are allowed, shouldn't it be a different method, not a different header?
# [02:20] <othermaciej> if it never actually gives you the entity body then it seems to me the behavior is more header-like than method-like
# [02:40] * Joins: aaronlev (n=chatzill@209-6-168-245.c3-0.arl-ubr2.sbo-arl.ma.cable.rcn.com)
# [02:59] * Joins: yod (n=ot@dhcp-247-29.mag.keio.ac.jp)
# [02:59] * Quits: billmason (n=billmaso@ip156.unival.com) (Read error: 104 (Connection reset by peer))
# [03:02] * Quits: h3h (n=w3rd@66-162-32-234.static.twtelecom.net) ("|")
# [03:06] * Quits: kingryan (n=kingryan@corp.technorati.com) (Read error: 110 (Connection timed out))
# [03:11] * ozamoi is now known as ozamosi
# [03:16] * Quits: othermaciej (n=mjs@17.255.97.100)
# [03:18] * Joins: othermaciej (n=mjs@17.255.97.100)
# [03:23] * Quits: aaronlev (n=chatzill@209-6-168-245.c3-0.arl-ubr2.sbo-arl.ma.cable.rcn.com) ("ChatZilla 0.9.78.1 [Firefox 2.0.0.7/2007091417]")
# [03:33] * Quits: othermaciej (n=mjs@17.255.97.100)
# [03:52] * Joins: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [03:54] * Quits: weinig (n=weinig@17.203.15.140)
# [04:02] * Quits: jgraham (n=jgraham@81-86-218-47.dsl.pipex.com) (Read error: 110 (Connection timed out))
# [04:04] * Joins: Kuruma (n=Kuruman@h123-176-107-050.catv01.catv-yokohama.ne.jp)
# [04:05] * Joins: MikeSmith (n=MikeSmit@203.155.34.120)
# [04:06] * Joins: jwalden (n=waldo@RANDOM-THREE-FORTY-ONE.MIT.EDU)
# [04:09] * Quits: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [04:58] * Joins: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [04:59] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
# [05:01] * Joins: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net)
# [05:01] * Joins: jruderman (n=jruderma@corp-241.mountainview.mozilla.com)
# [05:04] * Joins: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net)
# [05:07] * Quits: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net) (Remote closed the connection)
# [05:07] * Joins: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net)
# [05:22] * Quits: heycam (n=cam@clm-laptop.infotech.monash.edu.au) (Remote closed the connection)
# [05:56] * Quits: MikeSmith (n=MikeSmit@203.155.34.120) (Excess Flood)
# [05:56] * Joins: MikeSmith (n=MikeSmit@203.155.34.120)
# [06:04] * Joins: aroben (n=adamrobe@c-67-160-250-192.hsd1.ca.comcast.net)
# [06:05] * Quits: jeremyb (n=jeremy@unaffiliated/jeremyb) (Read error: 104 (Connection reset by peer))
# [06:05] * Joins: jeremyb (n=jeremy@unaffiliated/jeremyb)
# [06:43] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
# [07:03] * Quits: doublec (n=doublec@202.180.114.137)
# [07:05] * Joins: aroben (n=aroben@unaffiliated/aroben)
# [07:09] * Joins: htmlr (n=htmlr@124-171-28-193.dyn.iinet.net.au)
# [07:15] * Quits: MikeSmith (n=MikeSmit@203.155.34.120) ("Less talk, more pimp walk.")
# [07:40] * Quits: jruderman (n=jruderma@corp-241.mountainview.mozilla.com)
# [07:50] * Quits: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net) (Remote closed the connection)
# [07:51] * Joins: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net)
# [07:54] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
# [07:56] * Joins: jruderman (n=jruderma@user-64-9-232-189.googlewifi.com)
# [08:01] <hsivonen> hmm. so John Foliot considers suing people "social engineering"...
# [08:02] <othermaciej> indeed, an unusual point of view
# [08:03] * Quits: csarven (n=nevrasc@modemcable130.251-202-24.mc.videotron.ca) ("http:/www.csarven.ca")
# [08:25] * Quits: jruderman (n=jruderma@user-64-9-232-189.googlewifi.com) (Read error: 110 (Connection timed out))
# [08:26] * Joins: jruderman (n=jruderma@c-67-180-15-227.hsd1.ca.comcast.net)
# [08:31] <hsivonen> Hixie: should inline data templates be outright non-conforming in text/html inputs, then?
# [08:32] <hsivonen> Hixie: Re: one possible context: do you mean the rule content model should be bimorphic, embedded, metadata or any table slice?
# [08:33] <hsivonen> Hixie: I don't think I can agree at present (without examples to the contrary) that datatemplates were simpler than repetition templates for either authors or UA implementors
# [08:34] <hsivonen> Hixie: were there cases where repetition templates sucked badly and that data templates address?
# [08:36] <othermaciej> I still don't really understand the use cases for repetition templates
# [08:37] <othermaciej> people usually mention online store shopping carts but they are clearly not useful for that
# [08:37] <hsivonen> off-hand, I remember implementing repeating forms twice:
# [08:38] <hsivonen> 1) a simple task tracking app
# [08:38] <hsivonen> 2) an app for authoring online questionnaires
# [08:39] <hsivonen> though the latter was too ajaxy to be really done without JS
# [08:39] <hsivonen> but I guess it could have been done without JS with repetition templates
# [08:40] <othermaciej> I guess I really wonder how often a button that just does add or remove of a repetition item is useful; it would have to be a case where you don't want to do anything else with script when adding or removing a repeat item
# [08:40] <hsivonen> othermaciej: yes, I guess most often you want to do something else as well
# [08:40] <othermaciej> it seems weird to me to have specialized kinds of button controls just for these two actions
# [08:41] <hsivonen> with data templates, I get an even stronger feeling that it is something complex that only deals with simple cases and real apps will have to work around the limitations anyway
# [08:42] <hsivonen> which is why I asked on the list why querySelector() and E4X tree literals aren't the answer
# [08:42] <othermaciej> well, having a clear model for escaping to script helps
# [08:42] <othermaciej> I don't think any current E4X implementation has good integration with the DOM
# [08:42] <othermaciej> maybe I am wrong on this
# [08:42] <othermaciej> in any case E4X is hardly less complex than datatemplate
# [08:43] <hsivonen> Hixie: anyway, my intuitive reaction to repetition templates was positive and my intuitive reaction to data templates was very negative (regardless of RELAX NG considerations). I'd like to see more examples.
# [08:43] <hsivonen> othermaciej: E4X isn't less complex, but it solves the problem of DOM fragment literals in the right place
# [08:44] <othermaciej> hsivonen: you think the JavaScript level is the right place for DOM fragment literals?
# [08:45] <othermaciej> (and really E4X only gives you XML fragment literals, converting them to DOM form is an excercise left to the reader)
# [08:45] <hsivonen> othermaciej: yes, because for JS, DOM fragments are very common (like strings and hashtables)
# [08:45] <hsivonen> othermaciej: yeah, that's a problem
# [08:46] <othermaciej> hsivonen: I guess the current state of the art is for JS to store DOM fragments as strings
# [08:46] <othermaciej> and use stuff like innerHTML to get them into the tree
# [08:46] <hsivonen> yes
# [08:46] <othermaciej> sadly that is both much easier and much more performant than using DOM APIs
# [08:46] <othermaciej> referring to fragments declared elsewhere does seem like a pain
# [08:46] <othermaciej> hyatt tells me XUL's similar template feature was used to good effect
# [08:47] <hsivonen> also vulnerable against unescaped data under concatenation
# [08:47] <othermaciej> I guess it is mainly useful for data binding type use cases, but where your data model may change over time so XSLT is not suitable
# [08:47] <hsivonen> othermaciej: did you see anne's link to the anti-XUL template article?
# [08:49] <othermaciej> hsivonen: well, hyatt clearly has reason to be biased about things XULish
# [08:50] <othermaciej> one thing that datatemplates seemed like they might be nice for is <datalist> used with an <input>; if the data source is external, you can convert it to the needed format client side
# [08:51] <othermaciej> it would also be nice to have some way to get datagrid to bind to data
# [08:51] <othermaciej> I did not see the link
# [08:51] <othermaciej> is it in the logs?
# [08:51] <hsivonen> I'm still entirely unconvinced that just writing JS binding glue isn't a better solution considering that it is backwards compatible and can do anything that is computable without having to escape to another solution
# [08:52] <hsivonen> othermaciej: yes, it the logs. but here it is: http://www.jerf.org/resources/xblinjs/whyNotMozilla/notXulTemplates.html
# [08:54] <othermaciej> the idea of general-purpose templating does sound kind of cool, but to be fair it also seems like the area is littered with half-assed failures
# [08:55] <hsivonen> (even though querySelector() and E4X tree literals aren't backwards compatible, Prototype and jQuery plus innerHTML are Good Enough substitutes)
# [08:55] <othermaciej> maybe better to stick to adopting solutions where there is no script-based alternative and/or where an appropriate solution is clear
# [09:03] <othermaciej> reading that reminds me of using XSLT vs. a perl script and regexps for document transforms for some reason
# [09:03] <othermaciej> "clever" declarative solution that makes simple things into a mind puzzle
# [09:03] <othermaciej> some people find that sort of thing fun
# [09:11] <hsivonen> Hixie: your blog front page seems to have so have Pingback-related UTF-8 badness (lone byte 0xC2 for example)
# [09:13] <othermaciej> hsivonen: I'm asking hyatt to tell me about templates on #webkit
# [09:14] * Joins: aroben_ (n=aroben@unaffiliated/aroben)
# [09:14] * Joins: heycam (n=cam@203-214-114-92.dyn.iinet.net.au)
# [09:25] * Quits: yod (n=ot@dhcp-247-29.mag.keio.ac.jp) ("Leaving")
# [09:27] * Quits: aroben (n=aroben@unaffiliated/aroben) (Nick collision from services.)
# [09:27] * aroben_ is now known as aroben
# [09:31] * Quits: karlUshi (n=karl@dhcp-247-173.mag.keio.ac.jp) ("Where dwelt Ymir, or wherein did he find sustenance?")
# [09:38] * Joins: hyatt (n=no@209.173.92.142)
# [09:38] <othermaciej> hello hyatt
# [09:39] <hyatt> hi
# [09:40] <hsivonen> hi
# [09:42] <hsivonen> hyatt: do we expect Web apps to have multiple view of a data source often enough to engineer a built-in feature for that case?
# [09:42] <hyatt> yeah that's a good question
# [09:44] <hsivonen> when I did the "remarkably short" manual binding, I had code that loaded the model tree via XHR and looped over it to copy the data to the view tree. at the same time, as each view chunk was created, I added closures that captured model references as view onchange handlers, so changes to the view were immediately reflected in the model
# [09:44] <hsivonen> then I used XHR for sending the model back
# [09:44] <hyatt> those closures would take up a lot of memory
# [09:45] <hyatt> if you mean you had 1 for each "data item" basically
# [09:45] <hsivonen> yes, one for each item that needed to be synced back to the model
# [09:46] <othermaciej> I can see how that might hurt if you had thousands of editable items (like a bookmarks list or something)
# [09:46] <hyatt> thats the kind of stuff that xul templates would avoid
# [09:46] <hyatt> having 3000 JS objects for closures
# [09:46] <hyatt> for example
# [09:48] <hsivonen> if I hadn't created new closures but had shared the same syncing function instance on each item and had a separate plain object reference to the model on each item would that have been acceptable?
# [09:48] <hsivonen> does a custom object reference on a DOM node have such a memory overhead that creating new HTML language features is justified to avoid it?
# [09:49] <hyatt> well some of this also depends on how well the template feature is implemented too
# [09:49] <hyatt> it may take up a lot of memory also in order to efficiently transmit changes
# [09:49] <hsivonen> especially considering that desktops already have abundant RAM and handheld resource grow all the time
# [09:50] <hyatt> yeah
# [09:50] <hsivonen> hyatt: what was the "yeah" in reference to?
# [09:50] <hyatt> yeah i see your point
# [09:51] <hsivonen> ok
# [09:51] <hyatt> is there some way to observe changes in sqlite databases in whatwg's spec
# [09:51] <hyatt> i don't think this feature is just about binding to XML DOM data back ends
# [09:52] <hyatt> but should be about binding to a database
# [09:52] <othermaciej> the whatwg spec doesn't have a way to observe changes on the database
# [09:52] <hyatt> even if we never do something like datatemplate, we should make sure it's easy to observe database changes in JS
# [09:52] <othermaciej> I'm not sure databases with sql-based APIs have that
# [09:52] <othermaciej> I was thinking about it just now though
# [09:52] <hyatt> i'm sure they must have something since i think mozilla is moving to that kind of database
# [09:52] <hyatt> and xul templates have to work
# [09:53] <othermaciej> seems like you can't just use the database as a data model if it doesn't have change notification, you need something on top
# [09:53] <hsivonen> hyatt: can there be anything but the app itself modifying the database? wouldn't the right hand of the app effectively be observing what the left hand does with the db as an intermediate?
# [09:53] * Quits: KevinMarks (i=KevinMar@nat/google/x-a6c1ffb85b76b22d) ("The computer fell asleep")
# [09:53] <othermaciej> hsivonen: if the app is multiple windows and you can't observe, you need to make an ad-hoc change notification protocol
# [09:53] <hsivonen> othermaciej: ok
# [09:53] <othermaciej> you might even be running multiple instances that have no way (currently) to rendezvous
# [09:54] <othermaciej> the Storage API does have change notifications
# [09:54] <othermaciej> so you could use that for notification and the database for storage
# [09:54] <othermaciej> but that seems crappy
# [09:54] <othermaciej> I will ask the Safari team's local SQL experts about this tomorrow
# [09:55] <hyatt> i really think you should be able to build UI easily from a local SQL database
# [09:55] <hyatt> that might be modified dynamically
# [09:55] <hyatt> e.g., maybe facebook dumps your friends list in there
# [09:55] <hyatt> and updates it when you yank a friend
# [09:56] <hyatt> would be cool if it was easy for the web page to just fix up the UI
# [09:56] <hyatt> anywhere friends are being displayed
# [09:57] <aroben> othermaciej: I think SQLite has callbacks for when data is changed
# [09:57] <hsivonen> intuitively, the ability to register JS change listeners to a data source seems more complete than templating
# [09:58] <hyatt> i certainly think it should be there
# [09:58] <hyatt> regardless of whether templating is around
# [09:58] <aroben> othermaciej: http://www.sqlite.org/capi3ref.html#sqlite3_update_hook
# [09:58] <hyatt> (register change listeners to an SQL data source i mean)
# [09:59] <othermaciej> aroben: ok, I'll get Brady to look at it and see if we can propose something
# [09:59] <hyatt> the biggest negative i think about templates
# [10:00] <hyatt> is that they can be rocket science
# [10:00] <hyatt> to the average web site developer
# [10:00] <hyatt> not many people at netscape could understand them
# [10:00] <hyatt> but then again not many people at netscape could understand much of anything
# [10:00] <hsivonen> basically, my concern with templates is this: the solution for easy cases and the solution for complex cases should not be separate but on the same continuum so that if you start with an easy case and find that you need to add something, you don't need to from the solution for easy cases go back to zero and restart with the solution for complex cases.
# [10:01] <hyatt> yes i agree with that statement
# [10:03] <hyatt> so here's some of what made templates nasty in xul
# [10:03] <hyatt> templates were basically built on top of something called RDF
# [10:03] <hyatt> RDF's job was to aggregate data from multiple data sources
# [10:03] <hyatt> into a graph
# [10:04] <hyatt> thus you could think of data as being a collection of "assertions" made between nodes in some universe
# [10:04] <hyatt> much of the complexity and headaches of xul templates
# [10:05] <hyatt> arose from having to talk to a graph rather than a tree
# [10:05] <hyatt> e.g., it wasn't clear what relationships would constitute "parent/child" relationships
# [10:05] <hyatt> and which would be "attributes"
# [10:05] * Quits: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net) (Read error: 104 (Connection reset by peer))
# [10:06] <hyatt> RDF also had funny performance limitations
# [10:06] <hyatt> because it produces a graph
# [10:06] <hyatt> it's actually very bad at say removing an item from an ordered sequence
# [10:06] <hyatt> because what you have is arcs labeled 1, 2, 3, 4, 5 etc.
# [10:06] <hyatt> so inserting an item could force a renumbering to occur
# [10:07] <hyatt> in other words conventional "DOM"-like trees are actually very clumsy to operate on or manipulate when represented via RDF
# [10:07] <hyatt> and yet much of the data that XUL wanted to operate on was more naturally representable as a tree rather than a graph
# [10:07] <hyatt> e.g., bookmarks
# [10:08] <hyatt> so RDF can be blamed for a lot of the performance troubles that XUL templates have
# [10:08] <hyatt> it's not really the template that is slow, it's the RDF updating
# [10:09] <hyatt> so anyway if the back end is more of a tree model
# [10:09] <hyatt> or even a list model where items can be updated and indexed efficiently
# [10:10] <hyatt> the syntax and performance of a template should be much better than in XUL
# [10:11] <hyatt> i think the big question is, will web pages be producing apps of such complexity that they would benefit from templates
# [10:11] * Joins: KevinMarks (n=KevinMar@user-64-9-237-202.googlewifi.com)
# [10:11] <hyatt> most of the time, the answer is "probably not"
# [10:22] * Quits: KevinMarks (n=KevinMar@user-64-9-237-202.googlewifi.com) (Client Quit)
# [10:22] <hsivonen> yeah, there's the problem that the application needs to match the level of complexity templates assume. If it is too simple, templates don't help. If it is too complex, templates don't help, either (without growing into an awkward programming language like XSLT)
# [10:22] * Joins: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net)
# [10:22] <hyatt> there is something XSLT-like about templates
# [10:22] <hyatt> but i do think they are simpler
# [10:22] <hyatt> than XSLT at least
# [10:22] * Quits: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [10:22] <hsivonen> zcorpan: HTML 4.0 is now special-cased: http://validator.nu/?doc=http%3A%2F%2Fln.hixie.ch%2F
# [10:22] <hyatt> you can think of the firefox "web app" as being incredibly complex :)
# [10:22] <hyatt> hsivonen: this is kind of a feeble argument
# [10:22] <hyatt> hsivonen: but other languages like flex do have these features
# [10:22] <hyatt> hsivonen: i.e., it may be perceived as something we should have in the language to "keep up" with other RIA alternatives
# [10:22] <hyatt> i guess i convinced hixie that this feature is cool
# [10:22] <hyatt> :)
# [10:23] <hyatt> i'll look at the thread soon hopefully
# [10:23] <hyatt> and see what was actually proposed
# [10:23] * hsivonen googles for flex bindings
# [10:24] <hyatt> yeah i need to research those also
# [10:24] <hyatt> i am stating that they are similar
# [10:24] <hyatt> but could be totally mistaken
# [10:24] <hyatt> hsivonen: i think at some point it might be worthwhile tryign to pick some of the html5 features to punt to html6
# [10:24] <hyatt> or 5.1
# [10:25] <hyatt> or whatever the next version will be
# [10:25] <hyatt> html5 is just huge and intimidating at this point
# [10:25] <hyatt> so much new stuff
# [10:25] <hsivonen> hyatt: yeah
# [10:26] * hsivonen notes that Adobe has copied the year-in-namespace-URI anti-pattern from the W3C
# [10:26] <hyatt> bedtime for me
# [10:26] <hyatt> night
# [10:26] * Quits: hyatt (n=no@209.173.92.142)
# [10:28] * Quits: htmlr (n=htmlr@124-171-28-193.dyn.iinet.net.au)
# [10:30] <hsivonen> hmm. the first Flex examples Adobe offers don't have anything in them explaining why you wouldn't want to use an onchange event handler plus a matching initializer (except you avoid the part of having to write the matching initializer)
# [10:31] <hsivonen> heh. the Flex reference is like javadocs after a treatment by a graphic designer
# [10:34] * Joins: jgraham (n=jgraham@81-86-210-113.dsl.pipex.com)
# [10:34] <hsivonen> wow, flex is huge. I wonder how many person-centuries Adobe has put into this proprietary platform
# [10:38] * Quits: aroben (n=aroben@unaffiliated/aroben) ("Leaving")
# [10:47] * Joins: BenWard (i=BenWard@nat/yahoo/x-7c468dee75a43d40)
# [10:49] * Joins: zcorpan (n=zcorpan@pat.se.opera.com)
# [11:02] * Quits: tantek (n=tantek@212.145.150.218)
# [11:05] <mpt> othermaciej, with special types of buttons for add/remove, WebKit can know to draw them as (–)(+) in Mac OS X rather than as [–][+] :-)
# [11:06] * Joins: Steve_f (n=chatzill@82-44-69-8.cable.ubr02.nmal.blueyonder.co.uk)
# [11:07] <othermaciej> mpt: huh?
# [11:07] * Quits: bzed (n=bzed@devel.recluse.de) (Remote closed the connection)
# [11:07] * Joins: bzed (n=bzed@devel.recluse.de)
# [11:08] <mpt> <othermaciej> it seems weird to me to have specialized kinds of button controls just for these two actions
# [11:09] <othermaciej> mpt: yes, but I don't understand what you are saying about (-)(+) vs [-][+]
# [11:10] <mpt> I mean circular (like all the add/remove row buttons in Mac OS X), rather than rectangular (like typical <button>s)
# [11:12] * Joins: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [11:18] <annevk> anyone here who happens to know how to limit a <Files foo> to the current directory in Apache?
# [11:19] <annevk> I'm confused, why does http://www.whatwg.org/specs/web-apps/current-work/ have the W3C specification layout?
# [11:28] * Joins: ROBOd (n=robod@89.122.216.38)
# [11:29] <mpt> It's a conspiracy
# [11:30] <mpt> Either that, or a CVS error
# [11:30] <annevk> WHATWG uses SVN
# [11:30] <annevk> maybe Hixie's script messed up
# [11:34] <mpt> I get a 502 Proxy Error on the w3.org version, but not on the rest of w3.org
# [11:35] <annevk> dev.w3.org seems down
# [11:39] * Joins: KevinMarks (n=KevinMar@98.207.134.151)
# [11:40] * Quits: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es) (Read error: 104 (Connection reset by peer))
# [11:40] * Joins: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [11:43] * Joins: tantek_ (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [11:45] <annevk> it's up again
# [11:49] * Quits: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es) (Read error: 104 (Connection reset by peer))
# [11:55] * Quits: hasather_ (n=hasather@90-227-221-48-no62.tbcn.telia.com) ("leaving")
# [11:59] * Quits: tantek_ (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [12:03] * Joins: dev0 (i=Tobias@unaffiliated/icefox0)
# [12:51] * Joins: doublec (n=doublec@203-211-99-47.ue.woosh.co.nz)
# [12:59] * Joins: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [13:01] * Joins: tantek_ (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [13:08] * Quits: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es) (Read error: 104 (Connection reset by peer))
# [13:13] <zcorpan> hmm. is the [[Get]] method on HTMLDocument defined in html5?
# [13:15] <annevk> don't think so
# [13:16] * zcorpan reverse engineers the others
# [13:24] * Quits: tantek_ (n=tantek@cm-staticIP-85-152-41-1.telecable.es) (Connection timed out)
# [13:50] * Joins: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [13:53] * Joins: tndH (i=Rob@adsl-87-102-67-202.karoo.KCOM.COM)
# [13:56] * Quits: tantek (n=tantek@cm-staticIP-85-152-41-1.telecable.es)
# [13:57] * Joins: karlUshi (n=karl@116-64-98-243.rev.home.ne.jp)
# [13:59] <zcorpan> hmm, role in svg eh
# [13:59] <zcorpan> then html:role might as well be dropped altogether?
# [14:00] <annevk> yeah
# [14:00] <annevk> it's of no use in languages that have no notion of focusability anyway
# [14:00] * Quits: doublec (n=doublec@203-211-99-47.ue.woosh.co.nz)
# [14:02] <zcorpan> indeed
# [14:02] <zcorpan> post this to the list?
# [14:02] <annevk> and making that global too just leads to people using the wrong format
# [14:02] * Joins: yod (n=ot@softbank221018155222.bbtec.net)
# [14:04] <zcorpan> although allowing it for any format makes it easier to support in a particular format; just add a way to make elements focusable
# [14:05] <annevk> that depends on how you implement it
# [14:06] <annevk> another way would be: just add a namespace URI to some list
# [14:19] * Joins: tndH_ (i=Rob@adsl-87-102-67-202.karoo.KCOM.COM)
# [14:30] * Quits: virtuelv (n=virtuelv@pat-tdc.opera.com) ("Leaving")
# [14:32] * Quits: mpt (n=mpt@canonical/launchpad/mpt) ("Leaving")
# [14:37] * Quits: Steve_f (n=chatzill@82-44-69-8.cable.ubr02.nmal.blueyonder.co.uk) ("ChatZilla 0.9.78.1 [Firefox 2.0.0.7/2007091417]")
# [14:38] * Quits: tndH (i=Rob@adsl-87-102-67-202.karoo.KCOM.COM) (Read error: 110 (Connection timed out))
# [14:47] * tndH_ is now known as tndH
# [14:49] * Joins: aaronlev (n=chatzill@209-6-168-245.c3-0.arl-ubr2.sbo-arl.ma.cable.rcn.com)
# [14:51] * Quits: aaronlev (n=chatzill@209-6-168-245.c3-0.arl-ubr2.sbo-arl.ma.cable.rcn.com) (Client Quit)
# [15:01] * Quits: karlUshi (n=karl@116-64-98-243.rev.home.ne.jp) ("Where dwelt Ymir, or wherein did he find sustenance?")
# [15:06] * Quits: yod (n=ot@softbank221018155222.bbtec.net) ("Leaving")
# [15:07] * gsnedders laughs at rumours that Apple is working on something to rival Google Gears
# [15:20] <zcorpan> annevk: could you rephrase? i don't follow
# [15:22] <annevk> i'm saying that the cost of adding support for these attributes on n-formats does not have to be big
# [15:28] <zcorpan> annevk: ok. indeed
# [15:29] <zcorpan> we'd still have to support aaa:foo="" though
# [15:29] <zcorpan> i think
# [15:30] <zcorpan> unless we can convince dojo to use both aria-foo and aaa:foo
# [15:33] <annevk> lets hope we can
# [15:38] * Quits: jwalden (n=waldo@RANDOM-THREE-FORTY-ONE.MIT.EDU) ("ChatZilla 0.9.78.1-rdmsoft [XULRunner 1.8.0.9/2006120508]")
# [15:41] <zcorpan> i've emailed aaronlev and anders, let's see what they think
# [15:43] * Joins: Lachy (n=lachlan_@pat-tdc.opera.com)
# [15:44] * Parts: Lachy (n=lachlan_@pat-tdc.opera.com)
# [15:47] * Joins: lachlanh (n=chatzill@pat-tdc.opera.com)
# [15:50] * Quits: lachlanh (n=chatzill@pat-tdc.opera.com) (Client Quit)
# [15:50] * Joins: lachlanh (n=chatzill@pat-tdc.opera.com)
# [15:51] * Quits: lachlanh (n=chatzill@pat-tdc.opera.com) (Client Quit)
# [15:54] * Joins: Charl (n=charlvn@c1-88-12.wblv.isadsl.co.za)
# [15:58] * Joins: tndH_ (i=Rob@adsl-213-249-237-231.karoo.KCOM.COM)
# [16:02] * Joins: lachlanh (n=chatzill@pat-tdc.opera.com)
# [16:04] * Quits: lachlanh (n=chatzill@pat-tdc.opera.com) (Client Quit)
# [16:04] * Joins: lachlanh (n=chatzill@pat-tdc.opera.com)
# [16:10] * Quits: annevk (n=annevk@86.90.70.28) (Read error: 110 (Connection timed out))
# [16:11] * Joins: hasather (n=hasather@90-227-221-48-no62.tbcn.telia.com)
# [16:14] * Joins: dglazkov (n=dglazkov@adsl-065-081-081-030.sip.bhm.bellsouth.net)
# [16:15] * Quits: lachlanh (n=chatzill@pat-tdc.opera.com) ("ChatZilla 0.9.78.1 [Firefox 3.0a8/2007091216]")
# [16:15] * Joins: lachlanh (n=chatzill@pat-tdc.opera.com)
# [16:17] * Quits: tndH (i=Rob@adsl-87-102-67-202.karoo.KCOM.COM) (Read error: 110 (Connection timed out))
# [16:17] * lachlanh is now known as Lachy
# [16:23] * Quits: Lachy (n=chatzill@pat-tdc.opera.com) (Remote closed the connection)
# [16:29] * Joins: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:01] <Philip`> It's slightly irritating that when I find a nice technique in SVG to achieve some effect, I then find that the implementations of that feature are unusably buggy
# [17:06] * Quits: BenWard (i=BenWard@nat/yahoo/x-7c468dee75a43d40) (Read error: 104 (Connection reset by peer))
# [17:06] * Joins: BenWard (i=BenWard@nat/yahoo/x-e213bccfc86e0313)
# [17:12] * Parts: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:13] * Joins: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:14] * Parts: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:15] * Joins: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:31] <zcorpan> man, ie's handling of <object> is harier than i thought
# [17:33] * Joins: hober (n=ted@unaffiliated/hober)
# [17:33] <zcorpan> http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0D%0A%3Cbody%3E%3Cobject%20name%3Dx%3E%3Cembed%20name%3Dx%3E%3C%2Fobject%3E%0D%0A%3Cscript%3E%0D%0Aw(%22document.x.length%3A%20%22%20%2B%20document.x.length)%0D%0Aw(%22tagName%3A%20%22%20%2B%20document.x.tagName)%0D%0Aw(%22innerHTML%3A%20%22%20%2B%20document.x.innerHTML)%0D%0Aw(%22firstChild%3A%20%22%20%2B%20document.x.firstChild)%0D%0A%3C%2Fscript%3E
# [17:33] * Quits: hober (n=ted@unaffiliated/hober) (Remote closed the connection)
# [17:34] * Joins: hober (n=ted@unaffiliated/hober)
# [17:41] * Joins: aaronlev (n=chatzill@67.151.79.2)
# [17:44] * Quits: Lachy (n=lachlan_@pat-tdc.opera.com) (Read error: 54 (Connection reset by peer))
# [17:44] * Joins: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:46] * Joins: maikmerten (n=maikmert@T6591.t.pppool.de)
# [17:49] * Parts: Lachy (n=lachlan_@pat-tdc.opera.com)
# [17:55] <hsivonen> Any advice whether I should bother to insist on my mobileOK comments or just let it be?
# [17:57] * Quits: KevinMarks (n=KevinMar@98.207.134.151) ("The computer fell asleep")
# [18:06] * Joins: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [18:10] <zcorpan> hsivonen: depends on whether you like wasting your time ;)
# [18:11] <hsivonen> zcorpan: I take that as a "let it be"
# [18:12] <zcorpan> yeah
# [18:12] <hsivonen> though I find it *absurd* to say that XML 1.1 is OK but PNG isn't
# [18:12] <zcorpan> indeed
# [18:12] <zcorpan> or to pretend that XML is being dealt with in the first place
# [18:12] <zcorpan> it's just harmful to XML
# [18:13] <zcorpan> it might force opera to also use the html parser for xml content
# [18:16] <hsivonen> Also, this imaginary profile doesn't make sense.
# [18:17] <hsivonen> I have 2 mobile devices currently and both only host browsers based on engines that you can expose to real Web content
# [18:24] <hsivonen> hmm. reading the XHTML 1.0 RNG schema I find some presentational attributes I didn't remember even existed
# [18:24] <hsivonen> frame and rules
# [18:27] * Joins: aroben (n=aroben@unaffiliated/aroben)
# [18:33] * Quits: weinig (n=weinig@adsl-71-138-131-151.dsl.pltn13.pacbell.net)
# [18:38] * Quits: h3h (n=w3rd@cpe-76-88-44-219.san.res.rr.com)
# [18:40] <zcorpan> on <table> right
# [18:43] * Joins: kingryan (n=kingryan@corp.technorati.com)
# [18:44] * Joins: peepo (n=Jay@host86-153-137-94.range86-153.btcentralplus.com)
# [18:56] <hsivonen> zcorpan: Regarding the HTML 4.0 request: do you have an opinion on treating all quirky doctypes as html4?
# [18:56] * Quits: peepo (n=Jay@host86-153-137-94.range86-153.btcentralplus.com) ("later")
# [18:56] <hsivonen> or should I just special-case HTML 4.0 doctypes?
# [18:58] * hsivonen special-cases HTML 4.0
# [19:03] * gavins is now known as gavin
# [19:08] * Joins: h3h (n=w3rd@66-162-32-234.static.twtelecom.net)
# [19:12] * Quits: BenWard (i=BenWard@nat/yahoo/x-e213bccfc86e0313) ("Fades out again…")
# [19:17] * Joins: weinig (n=weinig@17.203.15.140)
# [19:27] <zcorpan> hsivonen: just 4.0
# [19:31] <hsivonen> zcorpan: ok
# [19:49] * Joins: tantek (n=tantek@212.145.150.218)
# [19:55] * Quits: tantek (n=tantek@212.145.150.218)
# [19:58] * Joins: met_ (n=Hassman@r5bx220.net.upc.cz)
# [20:03] * Quits: heycam (n=cam@203-214-114-92.dyn.iinet.net.au) (Read error: 110 (Connection timed out))
# [20:10] * Quits: met_ (n=Hassman@r5bx220.net.upc.cz) ("Chemists never die, they just stop reacting.")
# [20:17] * Joins: tantek (n=tantek@212.145.150.218)
# [20:21] * Quits: maikmerten (n=maikmert@T6591.t.pppool.de) (Remote closed the connection)
# [20:34] * Quits: tantek (n=tantek@212.145.150.218)
# [20:41] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
# [20:51] * Joins: aroben_ (i=aroben@unaffiliated/aroben)
# [20:59] <Hixie> wow i've no idea how the whatwg page ended up with the w3c stylesheet
# [20:59] <Hixie> that's screwed up
# [21:00] * Joins: Ducki (n=Ducki@nrdh-d9b980d5.pool.mediaWays.net)
# [21:01] * Quits: Ducki (n=Ducki@nrdh-d9b980d5.pool.mediaWays.net) (Connection reset by peer)
# [21:09] * Quits: takkaria (n=takkaria@isparp.co.uk) (Remote closed the connection)
# [21:17] * Joins: takkaria (n=takkaria@isparp.co.uk)
# [21:19] * Quits: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net)
# [21:22] * Joins: Ducki (n=Ducki@nrdh-d9b980db.pool.mediaWays.net)
# [21:26] <hsivonen> zcorpan: I think I've nailed HTML 4.0 support now: http://validator.nu/?doc=http%3A%2F%2Fln.hixie.ch%2F
# [21:27] <zcorpan> hsivonen: nice!
# [21:28] * Joins: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net)
# [21:29] * Joins: KevinMarks (i=KevinMar@nat/google/x-204126322e1fe482)
# [21:30] * Quits: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net) (Client Quit)
# [21:36] <hsivonen> zcorpan: Re: the way duplicate IDs on imageshack are reported as two errors as opposed to error plus info: that comes from the bowels of Jing, which doesn't know about info
# [21:36] <hsivonen> zcorpan: I think I should move the XHTML 1.0 ID duplicate checking to a new mechanism when I write a new mechanism for HTML5
# [21:37] * Quits: aaronlev (n=chatzill@67.151.79.2) ("ChatZilla 0.9.78.1 [Firefox 2.0.0.7/2007091417]")
# [21:43] <hsivonen> am I reading correcly that XSD regexps don't have \u escapes?
# [21:45] * hsivonen still doesn't like white space differences between HTML5 and XML
# [21:46] * Quits: aroben_ (i=aroben@unaffiliated/aroben) (Connection timed out)
# [21:46] * Joins: aroben_ (i=aroben@unaffiliated/aroben)
# [21:48] <hsivonen> Hixie: just checking: enumerated values are now ASCII-case-insensitive for both HTML5 and XHTML5, right? (this appears to have changed when I wasn't looking)
# [21:49] * Quits: dev0 (i=Tobias@unaffiliated/icefox0) (Read error: 104 (Connection reset by peer))
# [21:50] * Quits: dglazkov (n=dglazkov@adsl-065-081-081-030.sip.bhm.bellsouth.net)
# [21:51] * Quits: Hixie (i=ianh@trivini.no) (Read error: 110 (Connection timed out))
# [21:52] * Joins: virtuelv (n=virtuelv@51.80-203-76.nextgentel.com)
# [21:54] * Quits: zcorpan (n=zcorpan@pat.se.opera.com) (Read error: 110 (Connection timed out))
# [21:55] * Quits: hober (n=ted@unaffiliated/hober) ("ERC Version 5.3 (devel) (IRC client for Emacs)")
# [22:01] * Joins: Ducki_ (i=Ducki@nrdh-d9b980d8.pool.mediaWays.net)
# [22:25] * Quits: Ducki (n=Ducki@nrdh-d9b980db.pool.mediaWays.net) (No route to host)
# [22:57] * Joins: hober (n=ted@unaffiliated/hober)
# [23:07] * Joins: othermaciej (n=mjs@17.255.98.159)
# [23:11] * Quits: virtuelv (n=virtuelv@51.80-203-76.nextgentel.com) ("Leaving")
# [23:19] <Philip`> "A date or time string is a valid date or time string if the following algorithm, when run on the string, doesn't say the string is invalid." - that's totally helpful
# [23:19] * Philip` tries reading the 67-step algorithm
# [23:20] * Joins: rubys (n=rubys@cpe-075-182-087-110.nc.res.rr.com)
# [23:20] * Quits: ROBOd (n=robod@89.122.216.38) ("http://www.robodesign.ro")
# [23:21] * Parts: rubys (n=rubys@cpe-075-182-087-110.nc.res.rr.com)
# [23:29] * Joins: doublec (n=doublec@202.180.114.137)
# [23:30] <gsnedders> Philip`: that and the parsing algorithm are the only two sections I've yet to review
# [23:38] * Quits: Ducki_ (i=Ducki@nrdh-d9b980d8.pool.mediaWays.net) (Read error: 113 (No route to host))
# [23:39] * Joins: Hixie (i=ianh@trivini.no)
# [23:49] * Joins: othermaciej_ (n=mjs@17.203.15.159)
# [23:51] * Quits: othermaciej_ (n=mjs@17.203.15.159) (Client Quit)
# [23:51] * Joins: othermaciej_ (n=mjs@17.203.15.159)
# [23:53] <Philip`> ^\s*(\d\d\d\d-\d\d-\d\d\s*T?\s*\d\d:\d\d(:\d+\.?\d*)?\s*(Z|[+-]\d\d:\d\d)|\d\d:\d\d(:\d+\.?\d*))\s*$
# [23:53] <Philip`> Much easier to read
# [23:54] <Philip`> but it seems odd that you can't have a valid date (no time) string, so maybe I'm missing something
# [23:58] <Philip`> ^\s*(\d\d\d\d-\d\d-\d\d(\s+|\s*T?\s*)\d\d:\d\d(:\d+\.?\d*)?\s*(Z|[+-]\d\d:\d\d)|\d\d:\d\d(:\d+\.?\d*))\s*$ - oops, bugfix
# [23:58] <Philip`> Ugh
# [23:58] <Philip`> ^\s*(\d\d\d\d-\d\d-\d\d(\s+|\s*T\s*)\d\d:\d\d(:\d+\.?\d*)?\s*(Z|[+-]\d\d:\d\d)|\d\d:\d\d(:\d+\.?\d*))\s*$
# [23:59] <Hixie> are you have connection issues?
# [23:59] <Hixie> :-P
# Session Close: Fri Oct 05 00:00:00 2007

The end :)