/irc-logs / freenode / #whatwg / 2008-11-26 / end

Options:

  1. # Session Start: Wed Nov 26 00:00:00 2008
  2. # Session Ident: #whatwg
  3. # [00:01] <Hixie> also a "preview" button, and buttons that do server-side filling of fields without submitting the whole thing
  4. # [00:01] <Hixie> i guess i'll add novalidate
  5. # [00:01] <Hixie> you have about an hour to come up with a better name than "novalidate". :-)
  6. # [00:01] <Hixie> bbl
  7. # [00:15] * Joins: nessy (n=nessy@124-168-156-5.dyn.iinet.net.au)
  8. # [00:16] * Quits: erlehmann (n=erlehman@dslb-088-075-197-149.pools.arcor-ip.net) ("Ex-Chat")
  9. # [00:18] * Joins: arve__ (n=virtuelv@163.80-202-65.nextgentel.com)
  10. # [00:24] * Quits: roc (n=roc@202.0.36.64)
  11. # [00:30] * Quits: smerp (n=smerp@66.192.95.199) (Read error: 110 (Connection timed out))
  12. # [00:34] * Quits: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de) (Read error: 110 (Connection timed out))
  13. # [00:35] * Quits: virtuelv_ (n=virtuelv@163.80-202-65.nextgentel.com) (Read error: 110 (Connection timed out))
  14. # [00:36] * Joins: MikeSmith (n=MikeSmit@EM114-48-12-131.pool.e-mobile.ne.jp)
  15. # [00:40] * Quits: dglazkov (n=dglazkov@72.14.224.1)
  16. # [00:44] * Quits: MikeSmith (n=MikeSmit@EM114-48-12-131.pool.e-mobile.ne.jp) ("sex break")
  17. # [00:46] * Quits: arve__ (n=virtuelv@163.80-202-65.nextgentel.com) ("Leaving")
  18. # [00:53] * Quits: weinig (n=weinig@cpe-66-65-132-93.nyc.res.rr.com)
  19. # [00:56] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
  20. # [00:58] <BenMillard> Hixie, calling it skipvalidity (which could be authored as skipValidity in the document) seems more consistent with the use of "validity" and "fooValidity()" and "ValidityFoo" for things in The Constraint Validation API: http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.html#the-constraint-validation-api
  21. # [01:01] <BenMillard> ignorevalidity (ignoreValidity) fits the above and fits the naming of "ignoreCase" and the convention for saying "UAs must ignore foo"
  22. # [01:03] * Quits: tndH (n=Rob@james-baillie-pc083-058.student-halls.leeds.ac.uk) ("ChatZilla 0.9.84-rdmsoft [XULRunner 1.9.0.1/2008072406]")
  23. # [01:05] * Joins: tantek (n=tantek@75.144.18.134)
  24. # [01:11] * Quits: Hish (n=chatzill@mail2.n-e-s.de) (Read error: 104 (Connection reset by peer))
  25. # [01:11] * Joins: Hish__ (n=chatzill@mail2.n-e-s.de)
  26. # [01:11] * Hish__ is now known as Hish
  27. # [01:11] * Joins: MikeSmith (n=MikeSmit@EM114-48-37-67.pool.e-mobile.ne.jp)
  28. # [01:12] * Quits: tantek (n=tantek@75.144.18.134)
  29. # [01:12] * Joins: Hish__ (n=chatzill@p5B382A65.dip0.t-ipconnect.de)
  30. # [01:15] * Joins: tantek (n=tantek@75.144.18.134)
  31. # [01:18] <Hixie> i think i prefer novalidate, for consistency with nohref, noresize, noshade, and nowrap (though the irony that all four of those are obsolete in html5 is not lost on me)
  32. # [01:23] <BenMillard> so many conventions to choose from :P
  33. # [01:23] <BenMillard> I'm unlikely to use the feature so I don't mind what you call it
  34. # [01:28] * Joins: Hish___ (n=chatzill@mail2.n-e-s.de)
  35. # [01:29] * Quits: Hish (n=chatzill@mail2.n-e-s.de) (Read error: 110 (Connection timed out))
  36. # [01:29] * Hish___ is now known as Hish
  37. # [01:32] * Joins: weinig (n=weinig@cpe-66-65-132-93.nyc.res.rr.com)
  38. # [01:32] <Hixie> BenMillard: :-)
  39. # [01:35] * Quits: Hish__ (n=chatzill@p5B382A65.dip0.t-ipconnect.de) (Read error: 60 (Operation timed out))
  40. # [01:41] * Parts: ojan (n=ojan@nat/google/x-c6af13b38918cc27) ("Leaving")
  41. # [01:54] * Joins: Hish___ (n=chatzill@p5B382A65.dip0.t-ipconnect.de)
  42. # [01:58] * Quits: Hish (n=chatzill@mail2.n-e-s.de) (Read error: 60 (Operation timed out))
  43. # [01:58] * Hish___ is now known as Hish
  44. # [02:02] * Quits: svl (n=me@ip565744a7.direct-adsl.nl) ("And back he spurred like a madman, shrieking a curse to the sky.")
  45. # [02:02] * Joins: Hish___ (n=chatzill@mail2.n-e-s.de)
  46. # [02:08] * weinig is now known as weinig|HOUSE
  47. # [02:11] * Quits: KevinMarks (n=KevinMar@nat/google/x-9c47188beed8039c)
  48. # [02:22] * Quits: Hish (n=chatzill@p5B382A65.dip0.t-ipconnect.de) (Read error: 110 (Connection timed out))
  49. # [02:26] * Joins: KevinMarks (n=KevinMar@216.239.45.19)
  50. # [02:43] <Hixie> ew
  51. # [02:43] <Hixie> MouseEvent makes a mess of the init* methods
  52. # [02:44] * Joins: dglazkov (n=dglazkov@c-24-130-144-56.hsd1.ca.comcast.net)
  53. # [02:52] * Joins: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com)
  54. # [02:53] * Joins: smerp_ (n=smerp@66.192.95.199)
  55. # [03:01] * Quits: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com) (Read error: 145 (Connection timed out))
  56. # [03:03] * Quits: tantek (n=tantek@75.144.18.134)
  57. # [03:04] * Joins: tantek (n=tantek@75.144.18.134)
  58. # [03:06] <Hixie> hmm
  59. # [03:06] <Hixie> so <input type=color>
  60. # [03:06] <Hixie> should it be possible for the user to set it to no color?
  61. # [03:06] * Quits: tantek (n=tantek@75.144.18.134) (Client Quit)
  62. # [03:09] <BenMillard> transparent?
  63. # [03:18] <Hixie> no, nothing at all
  64. # [03:19] <Hixie> like, type=number allows any number, as well as ""
  65. # [03:19] <Dashiva> Can it have no color as initial value?
  66. # [03:19] <Hixie> but type=range doesn't allow ""
  67. # [03:19] <Hixie> Dashiva: that's another way of phrasing the same question, effectively
  68. # [03:20] <Lachy> what are the use cases for colour selection that we're trying to address and which ones are we not?
  69. # [03:21] <Hixie> in: selecting the colour of a label in gmail, selecting a color in a paint program
  70. # [03:21] <Hixie> can't think of any that are "out" offhand, but i'm sure there are many
  71. # [03:22] <Hixie> http://images.google.com/images?client=safari&rls=en-us&q=color%20pickers&ie=UTF-8&oe=UTF-8&um=1&sa=N&tab=wi suggests that color pickers don't have a "no color" mode
  72. # [03:22] <Lachy> ok, so this is basically a simple RGB colour palette
  73. # [03:23] <Dashiva> Hixie: But many of them have a cancel button
  74. # [03:24] <Hixie> Dashiva: yeah but that doesn't unset the previously selected color
  75. # [03:24] <Lachy> I'd assume things like paint colour selectors on interior decoration sites wouldn't be adequately covered by this, so that'd be out
  76. # [03:25] <Hixie> right
  77. # [03:26] <Hixie> out: pantone color selector
  78. # [03:27] <Dashiva> I suppose we aren't addressing "How do you ensure the user selects a color and doesn't just go ahead with the default without considering it" either
  79. # [03:29] * Quits: rillian (n=giles@66.183.19.247) (Read error: 54 (Connection reset by peer))
  80. # [03:30] <Hixie> not really
  81. # [03:36] * Joins: billyjackass (n=MikeSmit@dhcp-246-124.mag.keio.ac.jp)
  82. # [03:37] <Lachy> yes, I think no colour should be possible, because if someone wants to make a paint application, that's one way of letting the user select transparent
  83. # [03:40] <BenMillard> Hixie, I think Word has a no colour mode.
  84. # [03:41] * Quits: BenMillard (i=cerbera@cpc1-flee1-0-0-cust285.glfd.cable.ntl.com)
  85. # [03:41] <Hixie> Lachy: opacity should be separate from this anyway
  86. # [03:45] * Quits: KevinMarks (n=KevinMar@216.239.45.19) ("The computer fell asleep")
  87. # [03:46] * Joins: KevinMarks (n=KevinMar@216.239.45.19)
  88. # [03:49] <Lachy> Hixie, the colour palettes in apps like Adobe Fireworks allow the user to select a no-colour option. it's useful when, e.g., you want to set the border colour of a shape to one colour and leave the fill colour transparent
  89. # [03:49] * Quits: Amorphous (i=jan@unaffiliated/amorphous) (Read error: 113 (No route to host))
  90. # [03:52] * Quits: MikeSmith (n=MikeSmit@EM114-48-37-67.pool.e-mobile.ne.jp) (Read error: 110 (Connection timed out))
  91. # [03:52] * Joins: Amorphous (i=jan@unaffiliated/amorphous)
  92. # [03:55] <Hixie> Lachy: makes sense
  93. # [03:56] * Joins: dglazkov_ (n=dglazkov@72.14.224.1)
  94. # [03:59] <Hixie> hmm
  95. # [03:59] <Hixie> should we make the form <input type=color> parse colors in a simple way, or using the wacky <font color> algorithm?
  96. # [04:00] <Hixie> or using the css algorithm...
  97. # [04:00] <Hixie> so many options...
  98. # [04:00] <Hixie> can't use css, as it might return an alpha!=1.0 color
  99. # [04:02] * Quits: KevinMarks (n=KevinMar@216.239.45.19) (Connection timed out)
  100. # [04:04] * Quits: dimich (n=dimich@72.14.227.1) (Read error: 110 (Connection timed out))
  101. # [04:06] <Lachy> could you use a subset of the CSS colour, including #FFF, #FFFFFF, rgb(...) and hsl(...), but excluding rgba() and hsla()?
  102. # [04:06] * billyjackass is now known as MikeSmith
  103. # [04:06] <Lachy> also, the colour keywords
  104. # [04:09] <Hixie> that seems unnecessarily complex given that we'd still want to serialise everything to #rrggbb for submission
  105. # [04:09] * Quits: dave_levin (n=dave_lev@72.14.227.1) (Read error: 110 (Connection timed out))
  106. # [04:10] <heycam> that's pretty much the same as strokeStyle/fillStyle on the canvas context object though
  107. # [04:10] <Lachy> specifically, what conditions are you trying to address? Is this for when the user types in a colour manually or when the value is set by a script?
  108. # [04:11] <Hixie> strokeStyle and fillStyle are full CSS colors
  109. # [04:11] <Hixie> Lachy: value of the value="" attribute
  110. # [04:11] <Hixie> (and form submission)
  111. # [04:12] <Lachy> oh, ok.
  112. # [04:17] * Joins: dave_levin (n=dave_lev@c-98-203-247-78.hsd1.wa.comcast.net)
  113. # [04:18] * Quits: dglazkov (n=dglazkov@c-24-130-144-56.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
  114. # [04:18] * Joins: dave_levin_ (n=dave_lev@72.14.224.1)
  115. # [04:19] * dglazkov_ is now known as dglazkov
  116. # [04:22] * weinig|HOUSE is now known as weinig
  117. # [04:22] <Lachy> with other input types, I don't think there is any precedent for the value of the value attribute being automatically normalised prior to submission, and so it would probably be best to require the format #rrggbb
  118. # [04:23] <Lachy> plus, if we allowed other types, then that would seem to create complications when the input.value property is set by scripts
  119. # [04:24] <Lachy> s/other types/other formats/
  120. # [04:25] <Hixie> i'm still normalising it before submission btw (from uppercase to lowercase)
  121. # [04:25] <Lachy> ok
  122. # [04:34] * Quits: dave_levin (n=dave_lev@c-98-203-247-78.hsd1.wa.comcast.net) (Read error: 110 (Connection timed out))
  123. # [04:42] * Joins: famicom (i=famicom@5ED2FF2D.cable.ziggo.nl)
  124. # [04:59] * Quits: dolske (n=dolske@firefox/developer/dolske) ("Leaving...")
  125. # [05:00] * Joins: dolske (n=dolske@firefox/developer/dolske)
  126. # [05:09] <Lachy> Hixie, is the order of the input types in the table in any particular order? It seems rather random. Could you put them into alphabetical order?
  127. # [05:10] <Lachy> well, I guess there sort of grouped by category
  128. # [05:15] <Hixie> the order is the order used so that there are the fewest differences from type to type in terms of what cells say "yes"
  129. # [05:15] <Hixie> except that password isn't before text
  130. # [05:15] <Lachy> Hixie, a valid simple colour should be A to F, not A to Z
  131. # [05:16] <Hixie> oops
  132. # [05:16] * Quits: dolske (n=dolske@firefox/developer/dolske) (Connection timed out)
  133. # [05:18] <Hixie> ok fixed
  134. # [05:21] * Joins: dolske (n=dolske@firefox/developer/dolske)
  135. # [05:22] * Quits: dbaron (n=dbaron@corp-241.mountainview.mozilla.com) ("8403864 bytes have been tenured, next gc will be global.")
  136. # [05:34] * Quits: doublec (n=chris@202.0.36.64) ("Leaving")
  137. # [05:39] * Quits: xcombelle (n=chatzill@AToulouse-158-1-151-166.w90-60.abo.wanadoo.fr) (Remote closed the connection)
  138. # [05:40] * weinig is now known as weinig|away
  139. # [05:40] * Joins: dbaron (n=dbaron@c-71-204-144-136.hsd1.ca.comcast.net)
  140. # [05:53] * Quits: smerp_ (n=smerp@66.192.95.199)
  141. # [06:03] * Joins: doublec (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz)
  142. # [06:11] * Quits: heycam (n=cam@clm-laptop.infotech.monash.edu.au) ("bye")
  143. # [06:13] * Joins: dimich (n=dimich@c-98-203-230-54.hsd1.wa.comcast.net)
  144. # [06:15] * Quits: dglazkov (n=dglazkov@72.14.224.1)
  145. # [06:21] * Quits: dimich (n=dimich@c-98-203-230-54.hsd1.wa.comcast.net)
  146. # [06:39] * Quits: famicom (i=famicom@5ED2FF2D.cable.ziggo.nl) ("Leaving")
  147. # [06:42] * Joins: harig (n=harig_in@122.160.12.230)
  148. # [06:49] * Joins: sayrer (n=chatzill@user-160va8b.cable.mindspring.com)
  149. # [06:50] <sayrer> Hixie, so, I thought there was a feature freeze? but now we have this new 401 form...
  150. # [06:57] * Joins: tantek (n=tantek@c-67-180-199-228.hsd1.ca.comcast.net)
  151. # [06:59] <Hixie> sayrer: i said i wasn't adding anything new that hadn't already been requested as of the feature freeze (last december)
  152. # [06:59] <Hixie> the recent additions are from requests from 2006/2007
  153. # [07:00] <sayrer> that doesn't seem like a useful freeze to me
  154. # [07:00] <sayrer> thanks
  155. # [07:00] <Hixie> (or, in the case of workers, from requests from browser vendors who said that without a spec they'd just make up stuff)
  156. # [07:00] <Hixie> well the freeze is only intended to land us on schedule
  157. # [07:00] <sayrer> well, you are a browser vendor just making stuff up :)
  158. # [07:00] <Hixie> i mean implementors
  159. # [07:01] * sayrer shrugs
  160. # [07:05] * Quits: dave_levin_ (n=dave_lev@72.14.224.1)
  161. # [07:06] * Joins: dave_levin (n=dave_lev@72.14.224.1)
  162. # [07:19] * Quits: tantek (n=tantek@c-67-180-199-228.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
  163. # [07:27] * Joins: tantek (n=tantek@adsl-63-195-114-133.dsl.snfc21.pacbell.net)
  164. # [07:34] * Quits: sayrer (n=chatzill@user-160va8b.cable.mindspring.com) (Read error: 110 (Connection timed out))
  165. # [07:42] * Joins: heycam (n=cam@203-217-88-133.dyn.iinet.net.au)
  166. # [07:49] * Joins: maikmerten (n=merten@ls5dhcp195.cs.uni-dortmund.de)
  167. # [07:52] <hsivonen> Hixie: seems more like a suggestion freeze than a feature freeze :-)
  168. # [07:56] <Hixie> yeah, that'd be a better term
  169. # [07:56] <Hixie> i don't recall exactly how i phrased it
  170. # [08:04] <hsivonen> http://intertwingly.net/blog/2008/11/20/Half-Full#c1227667144
  171. # [08:05] <hsivonen> Is there a definition for hixie:LC, hixie:CR, w3c:LC and w3c:CR?
  172. # [08:06] <hsivonen> (and are there URIs to bind hixie and w3c to?)
  173. # [08:18] * Joins: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net)
  174. # [08:22] <hsivonen> Hixie: btw, what happened to the OpenID integration idea that sicking mentioned at TPAC?
  175. # [08:24] <Hixie> i wonder how hixie:LC, hixie:CR, w3c:LC and w3c:CR differ
  176. # [08:24] <Hixie> hsivonen: no idea
  177. # [08:25] <Hixie> what's zcorpan's e-mail address?
  178. # [08:25] <Hixie> specifically, his webkit bugzilla account address
  179. # [08:26] <hsivonen> I'd try searching webkit bugzilla for zcorpan and simonp
  180. # [08:27] <Hixie> tried that
  181. # [08:28] * Joins: BenMillard (i=cerbera@cpc1-flee1-0-0-cust285.glfd.cable.ntl.com)
  182. # [08:31] * Joins: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de)
  183. # [08:32] * Quits: dbaron (n=dbaron@c-71-204-144-136.hsd1.ca.comcast.net) ("8403864 bytes have been tenured, next gc will be global.")
  184. # [08:41] * Quits: theanxy (n=wzajac@student.agh.edu.pl) (zelazny.freenode.net irc.freenode.net)
  185. # [08:42] * Joins: theanxy (n=wzajac@student.agh.edu.pl)
  186. # [08:45] * Joins: tndH (n=Rob@james-baillie-pc083-058.student-halls.leeds.ac.uk)
  187. # [08:47] * Joins: erlehmann (n=erlehman@dslb-088-075-220-157.pools.arcor-ip.net)
  188. # [08:50] * Parts: BenMillard (i=cerbera@cpc1-flee1-0-0-cust285.glfd.cable.ntl.com)
  189. # [08:51] * Joins: Maurice (n=ano@a80-101-46-164.adsl.xs4all.nl)
  190. # [08:51] <hsivonen> Hixie: was "no idea" to the OpenID idea? that is, did you examine the feasibility of moving bits of the OpenID experience to browser chrome in a backwards-compatible way?
  191. # [09:02] <hsivonen> http://lists.w3.org/Archives/Public/www-validator/2008Nov/0044.html
  192. # [09:03] <Hixie> no idea was to openid. not really sure what to do about it.
  193. # [09:05] * Joins: pesla (n=retep@procurios.xs4all.nl)
  194. # [09:13] * Quits: hdh (n=hdh@58.187.62.119) (Read error: 110 (Connection timed out))
  195. # [09:13] * Joins: ap (n=ap@195.239.126.10)
  196. # [09:24] * Quits: MikeSmith (n=MikeSmit@dhcp-246-124.mag.keio.ac.jp) ("sex break")
  197. # [09:33] <Hixie> when you substitute a for b in c, which one is left in c? a, or b?
  198. # [09:34] <takkaria> a?
  199. # [09:43] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
  200. # [09:44] * Joins: Hish____ (n=chatzill@p3EE221D1.dip0.t-ipconnect.de)
  201. # [09:44] * Hish____ is now known as Hish
  202. # [09:47] * Quits: weinig|away (n=weinig@cpe-66-65-132-93.nyc.res.rr.com)
  203. # [09:47] * Quits: Hish___ (n=chatzill@mail2.n-e-s.de) (Read error: 60 (Operation timed out))
  204. # [09:49] * Joins: famicom (i=famicom@5ED2FF2D.cable.ziggo.nl)
  205. # [09:50] * Joins: tthorsen (n=tommy@home.kvaleberg.no)
  206. # [09:53] <gavin> a
  207. # [09:53] <gavin> a is a substitue for b
  208. # [09:58] * Quits: tndH (n=Rob@james-baillie-pc083-058.student-halls.leeds.ac.uk) (Read error: 110 (Connection timed out))
  209. # [10:04] * Joins: Hish____ (n=chatzill@mail2.n-e-s.de)
  210. # [10:04] * Quits: harig (n=harig_in@122.160.12.230) (Read error: 110 (Connection timed out))
  211. # [10:07] <Hixie> wikitionary agrees
  212. # [10:09] * Quits: Hish (n=chatzill@p3EE221D1.dip0.t-ipconnect.de) (Read error: 60 (Operation timed out))
  213. # [10:09] * Hish____ is now known as Hish
  214. # [10:11] * Joins: doublec_ (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz)
  215. # [10:11] * Quits: doublec (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz) (Read error: 113 (No route to host))
  216. # [10:11] * doublec_ is now known as doublec
  217. # [10:12] <hsivonen> why are SVG and Canvas "extensions"? http://www.extremetech.com/article2/0,2845,2335251,00.asp
  218. # [10:16] <mookid> Why am I reading a thread about 'the login/logout problem' ?
  219. # [10:17] <mookid> there isn't a problem.. it works fine
  220. # [10:17] <virtuelv> hsivonen: that article is, in general, rather uninformed
  221. # [10:19] <Hixie> ie8 is adding svg and canvas?
  222. # [10:19] <Hixie> that's news to me
  223. # [10:21] * Quits: tthorsen (n=tommy@home.kvaleberg.no) ("Leaving")
  224. # [10:24] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
  225. # [10:25] <Hixie> wtf, screen sharing just doesn't work anymore to this computer
  226. # [10:25] <Hixie> i don't get it
  227. # [10:26] <Hixie> no error message, nothing
  228. # [10:26] <Hixie> afp, too
  229. # [10:26] <Hixie> just doesn't connect
  230. # [10:34] * Quits: jruderman (n=jruderma@corp-241.mountainview.mozilla.com)
  231. # [10:37] <Lachy> have you tried restarting the machine?
  232. # [10:37] <Lachy> I mean the one you're trying to connect to
  233. # [10:38] <Hixie> yes
  234. # [10:38] * Quits: doublec (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz) (Read error: 104 (Connection reset by peer))
  235. # [10:38] * Joins: doublec_ (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz)
  236. # [10:38] * Quits: doublec_ (n=Chris_Do@118-92-214-173.dsl.dyn.ihug.co.nz) (Remote closed the connection)
  237. # [10:41] <virtuelv> hsivonen: the telltale sign in that article would be
  238. # [10:41] <virtuelv> «What's notable here is the margin. Chrome's winning margin is huge, even though Firefox 3.04, Opera and Safari have incorporated V8»
  239. # [10:41] <Hixie> o_O
  240. # [10:42] <hsivonen> virtuelv: whoa
  241. # [10:42] * hsivonen didn't actually read the whole article
  242. # [10:43] * Quits: Lachy (n=Lachlan@85.196.122.246) ("This computer has gone to sleep")
  243. # [10:43] <virtuelv> «We tested the version of Firefox (called Minefield) that does include the V8 code and listed those results below our "official" findings.»
  244. # [10:46] <Hixie> if I add remainingSpacePercentage, should I add it to sessionStorage, localStorage, and Database, or should I add it to Navigator and assume shared storage?
  245. # [10:47] <virtuelv> Hixie: is the percentage really relevant?
  246. # [10:48] <Hixie> microsoft want a feature to say how much space is remaining, and bytes don't work
  247. # [10:48] <Philip`> Does it make sense on sessionStorage? I'd assume that'd be stored in RAM, and browsers don't have fixed limits on how much RAM a page can use
  248. # [10:48] <virtuelv> a percentage is equally useless
  249. # [10:49] <virtuelv> if I'm trying to store a DOMString of length 1231, a percentage isn't going to help me
  250. # [10:49] <Philip`> virtuelv: Bytes wouldn't help you either, since you don't know how many bytes it'll take to store that string
  251. # [10:49] <Hixie> the only thing that it would allow is showing a UI saying how close you are to running out
  252. # [10:49] <Hixie> but i guess the UA could do that better anyway
  253. # [10:50] <Philip`> virtuelv: so you should just try to store it, and watch for exceptions
  254. # [10:51] * Quits: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de) ("ChatZilla 0.9.83-rdmsoft [XULRunner 1.9.0.1/2008072406]")
  255. # [10:51] * Joins: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de)
  256. # [10:52] * Joins: yecril71 (n=giecrilj@piekna-gts.2a.pl)
  257. # [10:52] * Joins: ROBOd (n=robod@89.122.216.38)
  258. # [10:53] * Joins: Hish____ (n=chatzill@p3EE221D1.dip0.t-ipconnect.de)
  259. # [10:57] * Joins: Hish_____ (n=chatzill@mail2.n-e-s.de)
  260. # [10:58] * Quits: Hish (n=chatzill@mail2.n-e-s.de) (Read error: 104 (Connection reset by peer))
  261. # [10:58] * Hish_____ is now known as Hish
  262. # [11:01] <yecril71> Allowing to execute hidden commands from the keyboard does not seem to be a good idea at all.
  263. # [11:01] * Joins: Lachy (n=Lachlan@pat-tdc.opera.com)
  264. # [11:01] <yecril71> Although it would make implementing Vi in HTML pretty hard,
  265. # [11:01] <yecril71> I do not think HTML should explicitly provide for that.
  266. # [11:02] * Joins: jruderman (n=jruderma@c-67-180-39-55.hsd1.ca.comcast.net)
  267. # [11:02] <Hixie> zcorpan needs to be online more. someone hook him up with screen(1) and irssi(1), please. :-P
  268. # [11:03] <hsivonen> the HTML article in wikipedia gets vandalized all the time and isn't protected. the XHTML article is semi-protected, though.
  269. # [11:04] <yecril71> Should I bring up the issue with fieldsets and HTMLControlsCollection to the list?
  270. # [11:09] <Hixie> what's the issue?
  271. # [11:15] * Quits: Hish____ (n=chatzill@p3EE221D1.dip0.t-ipconnect.de) (Read error: 110 (Connection timed out))
  272. # [11:16] * Quits: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de) ("ChatZilla 0.9.83-rdmsoft [XULRunner 1.9.0.1/2008072406]")
  273. # [11:16] * Joins: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de)
  274. # [11:19] <yecril71> The issue is a fieldset is not a control.
  275. # [11:19] <yecril71> And it does not belong to form.elements, as of HTML4.
  276. # [11:20] <yecril71> So there is a major incompatibility and a semantical flaw.
  277. # [11:20] <Hixie> browsers put fieldsets in form.elements, so there's not much we can do about that
  278. # [11:20] <Hixie> html5 defines it in a way that solves the "semantical flaw"
  279. # [11:20] <Hixie> i.e. it doesn't have a contradiction as best i can tell
  280. # [11:20] <yecril71> According to MSDN, a fieldset does not have a name.
  281. # [11:20] <Hixie> msdn is rarely accurate
  282. # [11:21] <Hixie> i wouldn't pay much attention to it
  283. # [11:22] <yecril71> Thanks, I shall evaluate it and leave a note there if it works anyway.
  284. # [11:22] <mookid> Hixie: what is all this stuff abuot forms?
  285. # [11:22] <Hixie> mookid: ?
  286. # [11:22] <Hixie> which stuff?
  287. # [11:23] <yecril71> Now that OBJECT is submittable, the note about legacy reasons should go.
  288. # [11:23] <yecril71> Because it is a full member of the FORM.
  289. # [11:24] <Hixie> could you provide more context? i'm not psychic, i've no idea what note you are talking about
  290. # [11:24] <yecril71> "OBJECT belongs to FORM.elements for legacy reasons".
  291. # [11:25] <yecril71> (quoting from memory)
  292. # [11:25] <Hixie> could you quote from the spec?
  293. # [11:25] <Hixie> i can't find that string anywhere
  294. # [11:25] <yecril71> Have to find it again first.
  295. # [11:26] * Joins: hdh (n=hdh@118.71.125.105)
  296. # [11:27] <yecril71> For historical reasons, the object element, which is not otherwise considered to be related to forms, is also a form-associated element.
  297. # [11:27] <yecril71> That is the text.
  298. # [11:28] <yecril71> I would also note that IE7 gets awfully slow when displaying the specification,
  299. # [11:28] <yecril71> event the multipage version.
  300. # [11:28] <yecril71> And the section headers are not visible at all.
  301. # [11:28] <yecril71> They are hidden under the green background.
  302. # [11:29] <yecril71> That makes it somehow hard to know what you are reading about.
  303. # [11:29] <Hixie> yeah, IE has all kinds of bugs
  304. # [11:29] <Hixie> i recommend using another browser
  305. # [11:29] * Hixie fixes the line in question
  306. # [11:30] <yecril71> Thats all right, except that the cost of maintenance doubles.
  307. # [11:31] <yecril71> And you cannot get rid of IE7 in Windows.
  308. # [11:31] <yecril71> Of course, you can get rid of Windows, but that is quite an operation.
  309. # [11:32] <yecril71> I think it would be best for everybody to take that into account.
  310. # [11:32] <hsivonen> cost of maintenance doubles? Firefox, Chrome and Safari autoupdate themselves on Windows
  311. # [11:33] <yecril71> Only if run with administrative privileges, something I shall never do.
  312. # [11:33] <Hixie> ok, fixed the object/form line
  313. # [11:35] <yecril71> I think it would not be so much harm to get rid of the negative top margin for now.
  314. # [11:36] <yecril71> A browser window is not short of sheet space, and PDF can be used for printing.
  315. # [11:38] <yecril71> Borrowing the header backround from the following element seems like a dirty hack.
  316. # [11:38] <Hixie> it's pretty. and standards compliant. If IE can't handle it, that's not my problem or the spec's problem.
  317. # [11:39] <yecril71> You can make the PDF as pretty as you wish.
  318. # [11:39] <Hixie> i don't read the pdf
  319. # [11:39] <yecril71> This is not a beauty contest.
  320. # [11:40] <hsivonen> I think that Ubuntu is a better solution against Windows malware than running a personal Windows box without admin privileges
  321. # [11:40] <yecril71> It is better to be ugly than to be unreadable.
  322. # [11:40] <Hixie> so don't use IE
  323. # [11:41] <Hixie> making it slightly more readable isn't going to make the spec work in IE anyway
  324. # [11:41] <Hixie> IE doesn't handle the size of the page
  325. # [11:41] <Hixie> not much we can do about that
  326. # [11:41] <yecril71> It can read the multipage version.
  327. # [11:41] <yecril71> I do.
  328. # [11:42] <Hixie> Basically, the problem is with IE, not the spec. The solution is to have IE be fixed, not have the spec work around bugs in IE.
  329. # [11:42] <yecril71> I cannot have the IE fixed.
  330. # [11:42] <hsivonen> yecril71: doesn't IE8 work, either?
  331. # [11:42] <yecril71> You have to ask Philip`.
  332. # [11:42] <Hixie> you can't have the spec fixed either. :-)
  333. # [11:43] <yecril71> And borrowing the backround for the next element is far from being good markup.
  334. # [11:43] <Hixie> it's quite acceptable css
  335. # [11:43] <hsivonen> http://www.w3.org/TR/mobile-bp/#d0e704
  336. # [11:44] <yecril71> If you want the backround to be green, you have to choices:
  337. # [11:44] <yecril71> 2 choices:
  338. # [11:44] <yecril71> wrap in a common ancestor, which does not apply here,
  339. # [11:44] <Hixie> hsivonen: as someone who has worked on browser vendors, i hate it when sites work around bugs in browsers
  340. # [11:44] <yecril71> or use the same class.
  341. # [11:44] <Hixie> or use a negative margin :-)
  342. # [11:44] <Hixie> which is fine :-)
  343. # [11:45] <hsivonen> Hixie: well, the mobile-bp doc doesn't acknowledge people from the companies you've worked for...
  344. # [11:46] <hsivonen> I think it's quite telling that Opera and Apple aren't acked in the Mobile BP stuff
  345. # [11:47] <Hixie> chaals wrote part of it
  346. # [11:47] <Hixie> iirc
  347. # [11:47] <yecril71> The only workaround for Internet Explorer is to disable CSS.
  348. # [11:48] <yecril71> That makes the page readable and the performance is much better.
  349. # [11:48] <hsivonen> Hixie: whoa. indeed. I was looking at the acks and thought the editor was from vodafone
  350. # [11:48] * Quits: erlehmann (n=erlehman@dslb-088-075-220-157.pools.arcor-ip.net) ("Ex-Chat")
  351. # [11:48] <hsivonen> I must have mixed up the editorships of different docs
  352. # [11:49] <Hixie> actually i thought a googler worked on that doc too, but i don't see that in the acks anywhere
  353. # [11:49] <Hixie> might be another one
  354. # [11:49] <Hixie> there are so many
  355. # [11:49] <yecril71> However, even if I add whatwg.org to restricted sites, that will not disable CSS by default.
  356. # [11:50] <yecril71> And I am sorry to see Hixie behave so arrogantly.
  357. # [11:51] <Hixie> if there was a bug in the spec's style sheet, would you ask the browsers to work around it?
  358. # [11:51] <Hixie> simple software engineering. you fix the bug, you don't work around the bug.
  359. # [11:52] <yecril71> Not a single browser is fully CSS-compliant.
  360. # [11:53] <yecril71> Your attitude is unrealistic, however you may not like it.
  361. # [11:53] <yecril71> The publisher should aim at the intersection of what is supported.
  362. # [11:53] <hsivonen> It's still baffling that a W3C REC doesn't include PNG support as part of the assumed image format support
  363. # [11:54] <hsivonen> how did *that* get past *principles*?
  364. # [11:54] <hsivonen> but then the markup language support is specced as XHTML Basic 1.1 [XHTML-Basic] delivered with content type application/xhtml+xml.
  365. # [11:56] <yecril71> And I cannot fix the bug in IE, as I already said.
  366. # [11:56] <Hixie> you also cannot fix the spec, so i don't see how that is different or relevant
  367. # [11:57] <yecril71> Well, but you can.
  368. # [11:57] <yecril71> With a very tiny amount of work.
  369. # [11:57] <Hixie> if you insist on using IE, then i recommend using http://dev.w3.org/html5/spec/Overview.html instead.
  370. # [11:59] <yecril71> That document does not have a multipage version.
  371. # [12:00] <Hixie> ah well, i tried
  372. # [12:01] <gsnedders> Hixie: Then why have work-arounds for IE at all?
  373. # [12:01] <gsnedders> like the /* that last decl is for IE6. Try removing it, it's hilarious! */ one
  374. # [12:02] <Hixie> i thought i'd gotten rid of that one
  375. # [12:02] <yecril71> Hixies theory about fieldset.name does not hold.
  376. # [12:02] <yecril71> The MSDN is correct here.
  377. # [12:02] <gsnedders> I don't see it in <http://www.whatwg.org/specs/web-apps/current-work/header-whatwg>, but I see it in <http://www.whatwg.org/specs/web-apps/current-work/>
  378. # [12:03] * ap is now known as ap|away
  379. # [12:03] <Hixie> gsnedders: fixed
  380. # [12:03] <yecril71> So it is not really "already implemented", and it is different from HTML4.
  381. # [12:03] * gsnedders heads off
  382. # [12:05] <Hixie> yecril71: do you have a testcase demonstrating the error in the spec?
  383. # [12:05] <Hixie> i'm pretty sure i tested this
  384. # [12:05] <Hixie> but i could be wrong!
  385. # [12:05] <yecril71> Just a minute.
  386. # [12:06] <yecril71> (That is, I have it, but I have to publish it.)
  387. # [12:08] <hsivonen> I think a lot of this mobile "best" practice stuff could go away if Opera Mini had serious competition
  388. # [12:08] <hsivonen> so that vendors of devices that can't host a self-contained browser didn't feel they have to commit to a single vendor if they want a decent browser
  389. # [12:09] <Lachy> unfortunately, working around browser bugs is an essential job that web developers must do for commercial sites. But for web standards, where people reading the spec are expected to use modern browsers, fixing such bugs is an unnecessary hassle
  390. # [12:09] <Hixie> I would say that I think a lot of this mobile "best" practice stuff could go away if Mobile Safari had serious competition. :-)
  391. # [12:09] <Lachy> yecril71, I have to agree with Hixie. I have no sympathy for IE users
  392. # [12:09] <Hixie> not just IE users
  393. # [12:10] <Hixie> users of any browser with pretty fundamental bugs
  394. # [12:10] <Lachy> yeah, all browsers have bugs. But IE is the worst.
  395. # [12:10] <Lachy> it's entirely possible to build a professional website for Firefox, Opera and Safari without using any hacks. But only the most basic sites work in IE without hacks
  396. # [12:11] <hsivonen> which reminds me that Validator.nu has a script error in IE (including 8)
  397. # [12:18] <hsivonen> hmm. the login thing may be a deep rathole
  398. # [12:22] <yecril71> http://www.2a.pl/~ne01026/test.htm
  399. # [12:22] <hsivonen> Hixie: regarding your email "Database section feedback": didn't Nikunj already volunteer? your email makes it look as though you are ignoring that he volunteered. (unless he volunteered only on the condition that he edits *all* the pieces he volunteered for)
  400. # [12:23] <Hixie> i have seen no evidence that he has volunteered other than him actually saying that he has volunteered
  401. # [12:23] <yecril71> (Note that the document is deliberately invalid now)
  402. # [12:23] <hsivonen> Hixie: I think I see what you mean.
  403. # [12:23] <yecril71> (It is supposed to be valid HTML5)
  404. # [12:24] <Hixie> could you rewrite that in JS so i can test it in other browsers?
  405. # [12:25] <yecril71> What for? I do not contend it does not work in other browsers.
  406. # [12:25] * Hixie doesn't understand what you are trying to show with that test
  407. # [12:25] <yecril71> That a fieldset is not a form control.
  408. # [12:25] <Hixie> (what's important is compatibility with all browsers, not just IE)
  409. # [12:26] <Hixie> fieldset is not a form control, correct
  410. # [12:26] <yecril71> All browsers, including IE.
  411. # [12:26] <yecril71> But HTML5 says it belongs to form.elements.
  412. # [12:26] <Hixie> the spec doesn't have a concept of "form control", though, so that seems academic
  413. # [12:26] <yecril71> The collection is named HTMLFormControlsCollection.
  414. # [12:26] <yecril71> Or something like that.
  415. # [12:27] <yecril71> That means it bears the concept of a form control.
  416. # [12:27] * Joins: erlehmann (n=erlehman@dslb-088-075-220-157.pools.arcor-ip.net)
  417. # [12:27] <yecril71> You have said you had to add this because that is what all browsers do.
  418. # [12:27] <yecril71> I have demonstrated it is not the case.
  419. # [12:28] <Hixie> the collection name is a historical artefact of little importance
  420. # [12:28] <yecril71> With that attitude, HTML5 is likely to become a historical artefact of little importance.
  421. # [12:28] <Hixie> it may be that it is not all browsers but just some browsers, then
  422. # [12:29] <Hixie> i expect one day it will be, yes
  423. # [12:29] <yecril71> I do not think that "some browsers" is a good argument to break logic and backward compatibility.
  424. # [12:30] <Hixie> according to http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E...%3Cform%3E%3Cfieldset%3E%3C%2Ffieldset%3E%3C%2Fform%3E%0A%3Cscript%3Ew%28document.forms[0].elements.length%29%3C%2Fscript%3E
  425. # [12:30] <Hixie> IE, Firefox, and Opera all put <fieldset> in form.elements
  426. # [12:30] <yecril71> I would rather ask those browsers to fix their implementations, because it is a bug.
  427. # [12:30] <hsivonen> Hixie: do I read correctly that the new http auth stuff doesn't ask browsers to change anything in their behavior?
  428. # [12:31] <Hixie> correct
  429. # [12:31] <hsivonen> ok.
  430. # [12:31] * Quits: drry (n=drry@it17.opt2.point.ne.jp) (zelazny.freenode.net irc.freenode.net)
  431. # [12:32] * Joins: drry (n=drry@it17.opt2.point.ne.jp)
  432. # [12:39] * Joins: zcorpan (n=zcorpan@pat.se.opera.com)
  433. # [12:39] <Hixie> zcorpan!
  434. # [12:39] <zcorpan> hey Hixie
  435. # [12:40] <Hixie> now i wish i had said on irc what i wanted to tell you, for i have forgotten it
  436. # [12:40] <zcorpan> :(
  437. # [12:40] <Hixie> oh one was that i invented QUOTA_EXCEEDED_ERR with code 22, and wanted to ask you if you could add it along with codes 1-21 to web dom core
  438. # [12:41] <zcorpan> ok, will do
  439. # [12:41] <yecril71> All right, I give up.
  440. # [12:41] <yecril71> <http://msdn.microsoft.com/en-us/library/ms537449(VS.85).aspx#ctl00_rs1_WikiContent_2_Container>
  441. # [12:43] <Lachy> I still can't figure out why Pentasis is having such a difficult time comprehending the purpose of the time element, nor why he's suggesting such ridiculous changes.
  442. # [12:43] <Lachy> I guess he's just interested in some kind of theoretical purity, rather than trying to address any serious practical issues
  443. # [12:43] <Hixie> theoretical purity isn't a bad thing in and of itself
  444. # [12:44] <Hixie> if the people who extended html over the years had slightly more concern over theoretical purity, we'd be in a much better state
  445. # [12:44] <zcorpan> Hixie: added
  446. # [12:44] <Hixie> wow that was quick
  447. # [12:44] <Hixie> i need to ask you to do web dom core changes more often
  448. # [12:44] <Hixie> :-D
  449. # [12:44] <zcorpan> :)
  450. # [12:45] <Hixie> did i ask you what the eta was on a fpwd yet?
  451. # [12:45] <zcorpan> not sure but there's no eta yet
  452. # [12:45] <Hixie> k
  453. # [12:45] <zcorpan> i'm trying to get the spec moved to a w3c wg
  454. # [12:46] <Hixie> won't webapps take it?
  455. # [12:46] <zcorpan> haven't approached them yet
  456. # [12:46] <Hixie> oh one of the other things was a webkit bug i came across that was about weird (but compat-required) getElementById() behavior, iirc
  457. # [12:47] <Hixie> i tried cc'ing you but you didn't seem to have an account
  458. # [12:47] <Hixie> i forget which bug now
  459. # [12:47] <zcorpan> i think i'm still using the @hotmail account on b.w.o :S
  460. # [12:47] <Lachy> Hixie, true. But when your theory is suggesting that an element for marking up dates using ISO-8601 isn't adequate because it still can't accurately represent historical dates from centuries ago, rather than just worrying about the use cases it was designed for, then it's being taken too far
  461. # [12:47] <zcorpan> i guess i should change that
  462. # [12:48] <hsivonen> I think we should define input type=date to apply to booking of hotels & transport
  463. # [12:48] <Hixie> Lachy: i think he ended up actually saying the opposite -- that we should limit it further (e.g. not allow 2AD) because that was too historical and wasn't accurate either
  464. # [12:48] <hsivonen> and we should define <time> as a piece for microformats meant for scheduling secular civilian meetings
  465. # [12:48] <zcorpan> is there a use case for <input type=url multiple>?
  466. # [12:49] <Lachy> I've generally found the things he's said to be confusing
  467. # [12:49] <zcorpan> i think validator.nu has such a field doesn't it?
  468. # [12:49] <Hixie> zcorpan: i'm sure one could be invented
  469. # [12:49] <Hixie> whether it's a common enough case to worry about is another question
  470. # [12:49] <Hixie> nobody has asked for it yet
  471. # [12:49] <Hixie> afaik
  472. # [12:50] <hsivonen> for the v.nu use case, <input type=url multiple> would be backwards-incompatible with Opera
  473. # [12:50] <hsivonen> I guess <input type=email multiple> isn't nice for Opera, either
  474. # [12:50] <zcorpan> right
  475. # [12:51] <yecril71> Why are SCRIPT elements not allowed inside TABLE elements?
  476. # [12:51] <hsivonen> yecril71: legacy
  477. # [12:51] <Hixie> and keeping things simple
  478. # [12:52] <Lachy> sure, we could limit it more, but picking cut-off point at the unix epoch 1970-01-01 wouldn't given enough range for people to mark up, e.g. birthdates, and anywhere else would be just arbitrary
  479. # [12:52] <yecril71> Simple for whom?
  480. # [12:52] <Hixie> me
  481. # [12:52] <Hixie> and authors in general
  482. # [12:52] <yecril71> It is not simple that, once I need to produce a part of a table with a script,
  483. # [12:52] <hsivonen> Lachy: I think anything but 1970-01-01 and 0001-01-01 would be arbitrary
  484. # [12:52] <Hixie> Lachy: yeah
  485. # [12:52] <yecril71> I have to produce the whole table.
  486. # [12:52] <zcorpan> hsivonen: but <script>s aren't foster parented, right?
  487. # [12:53] <hsivonen> zcorpan: oh? I don't remember.
  488. # [12:53] <Hixie> yecril71: just use DOM manipulation
  489. # [12:54] <yecril71> (IE7 handles this use case cleanly)
  490. # [12:54] <zcorpan> hsivonen: yep. "A start tag whose tag name is one of: "style", "script""
  491. # [12:55] <hsivonen> ok
  492. # [12:55] <Hixie> <input type=hidden> is magical too
  493. # [12:55] <Hixie> and <script> needs to be made magical in <select>, which is going to be a pain
  494. # [12:56] <yecril71> That means it should be supported but the document is still nonconforming?
  495. # [12:56] <hsivonen> yecril71: I withdraw what I said about legacy
  496. # [12:57] <yecril71> Why? TABLE elements cannot contain SCRIPT elements directly in HTML4 either.
  497. # [12:57] <Hixie> the restriction is one we inherited from html4 and one we will keep because allowing script in the middle of the table model encourages bad authoring practices (such as using document.write())
  498. # [12:58] <hsivonen> yecril71: I thought there was a parser legacy issue there. I wasn't referring to validation legacy.
  499. # [13:00] <yecril71> Correct me if I am wrong, but there is no way to ask the document to add more rows to the preceding table, unless that table has an ID.
  500. # [13:01] <yecril71> While it is possible inside.
  501. # [13:01] * Quits: nessy (n=nessy@124-168-156-5.dyn.iinet.net.au) ("This computer has gone to sleep")
  502. # [13:01] <yecril71> (supposing I place the SCRIPT right after the TABLE, that is.)
  503. # [13:02] <Hixie> just grab the last table from document.getElementsByTagName('table')
  504. # [13:02] <yecril71> Thanks.
  505. # [13:05] * Joins: sverrej (n=sverrej@pat-tdc.opera.com)
  506. # [13:09] <zcorpan> Hixie: is it https://bugs.webkit.org/show_bug.cgi?id=6006 ?
  507. # [13:09] <Hixie> yes
  508. # [13:09] <Hixie> wow
  509. # [13:09] <Hixie> good call
  510. # [13:10] <zcorpan> first on a search for getelementbyid :)
  511. # [13:12] * Quits: virtuelv (n=virtuelv@pat-tdc.opera.com) ("Leaving")
  512. # [13:12] <Hixie> :-)
  513. # [13:12] * Quits: erlehmann (n=erlehman@dslb-088-075-220-157.pools.arcor-ip.net) ("Ex-Chat")
  514. # [13:14] <zcorpan> it seems we have lots of bugs saying that getElementById works with name=''
  515. # [13:14] <zcorpan> which we dropped in 9.5
  516. # [13:15] <zcorpan> and no bugs on it not working with name='', afaict
  517. # [13:15] <zcorpan> also, i think ie8 doesn't look at name='' (in ie8 mode)
  518. # [13:17] <Hixie> i'll trust you to spec something that matches the web and that browsers are willing to converge on
  519. # [13:17] <yecril71> I think if a statement needs an in-transaction callback and an after-transaction callback, that amounts to two callbacks.
  520. # [13:17] <Hixie> i'm just glad it's not my problem for once :-)
  521. # [13:17] * Joins: tthorsen (n=tommy@home.kvaleberg.no)
  522. # [13:17] <yecril71> So the most straightforward thing to do would be to allow two as required.
  523. # [13:18] <yecril71> You could also provide for a callback to figure out whether the transaction has finished
  524. # [13:18] <yecril71> and report that it needs to be called afterwards if not.
  525. # [13:19] * Hixie looks at feedback from anne about %-encoding in name="" attributes and #fragids, and decides to call it a night
  526. # [13:47] * Joins: tndH (n=Rob@129.11.62.255)
  527. # [13:53] * Joins: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com)
  528. # [13:58] * Joins: smerp_ (n=smerp@66.192.95.199)
  529. # [14:04] * Quits: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com) (Read error: 60 (Operation timed out))
  530. # [14:10] * ap|away is now known as ap
  531. # [14:12] * Quits: smerp_ (n=smerp@66.192.95.199)
  532. # [14:18] * Quits: maikmerten (n=merten@ls5dhcp195.cs.uni-dortmund.de) (Client Quit)
  533. # [14:22] * Joins: mpt_ (n=mpt@canonical/launchpad/mpt)
  534. # [14:24] * Quits: mpt_ (n=mpt@canonical/launchpad/mpt) (Remote closed the connection)
  535. # [14:25] * Quits: tndH (n=Rob@129.11.62.255) ("ChatZilla 0.9.84-rdmsoft [XULRunner 1.9.0.1/2008072406]")
  536. # [14:51] * Joins: weinig (n=weinig@cpe-66-65-132-93.nyc.res.rr.com)
  537. # [14:55] * Joins: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com)
  538. # [14:56] * Joins: svl (n=me@ip565744a7.direct-adsl.nl)
  539. # [14:58] * Quits: smerp (n=smerp@cpe-066-057-061-202.nc.res.rr.com) (Client Quit)
  540. # [15:17] * Quits: tthorsen (n=tommy@home.kvaleberg.no) ("Leaving")
  541. # [15:17] * Joins: sayrer (n=chatzill@user-0cev96p.cable.mindspring.com)
  542. # [15:31] * Quits: hdh (n=hdh@118.71.125.105) ("Leaving.")
  543. # [15:47] * Joins: tndH (n=Rob@james-baillie-pc083-058.student-halls.leeds.ac.uk)
  544. # [15:49] * Quits: sverrej (n=sverrej@pat-tdc.opera.com) (Read error: 110 (Connection timed out))
  545. # [15:52] * Joins: myakura (n=myakura@p4200-ipbf2306marunouchi.tokyo.ocn.ne.jp)
  546. # [15:54] <hsivonen> hmm. interesting. Gecko and HTML5 deal with noframes and noembed in very different ways
  547. # [15:54] <hsivonen> in terms of implementation
  548. # [15:54] <hsivonen> not necessarily from the POV of pages
  549. # [15:57] <zcorpan> hsivonen: how are they different?
  550. # [15:57] <hsivonen> Gecko keeps track of a nesting depth in noXXX elements and turns off <base> and form control handling when depth > 0
  551. # [15:58] <hsivonen> HTML5 treats noXXX as CDATA elements
  552. # [15:59] <zcorpan> hmm, my copy of firefox seems to insert a single text node in <noembed> -- not elements
  553. # [16:00] <hsivonen> zcorpan: it's possible that the tokenizer has changed and the depth tracking is now dead code
  554. # [16:00] <hsivonen> I was looking at the tree builder code
  555. # [16:00] <zcorpan> hsivonen: yeah, i remember dbaron saying there was similar dead code for <iframe> a while back
  556. # [16:01] <zcorpan> that disabled scripts or something
  557. # [16:01] <hsivonen> I should have that the tree builder code looks like that--not that Firefox does it :-)
  558. # [16:01] <hsivonen> can't really trust the looks of the Gecko parser code
  559. # [16:02] <zcorpan> is that code used for xhtml?
  560. # [16:02] <hsivonen> no
  561. # [16:06] * Quits: myakura (n=myakura@p4200-ipbf2306marunouchi.tokyo.ocn.ne.jp) ("Leaving...")
  562. # [16:08] <Lachy> if it's dead code, whats the point of keeping it around? Is it just that no-one has thought to remove it yet, and verify that it really is dead?
  563. # [16:13] <hsivonen> Lachy: most likely it's dead and forgotten and now no one wants to touch the parser more than absolutely necessary
  564. # [16:17] <Lachy> ok. I suppose it won't matter too much since I assume they'll be replacing the parser entirely with a new HTML5 parser soon enough
  565. # [16:17] <hsivonen> hopefully :-)
  566. # [16:22] * Joins: billmason (n=bmason@ip49.unival.com)
  567. # [16:27] * Joins: jmb^ (n=jmb@login.ecs.soton.ac.uk)
  568. # [16:27] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Read error: 131 (Connection reset by peer))
  569. # [16:27] * Joins: dglazkov (n=dglazkov@c-24-130-144-56.hsd1.ca.comcast.net)
  570. # [16:28] * Quits: dglazkov (n=dglazkov@c-24-130-144-56.hsd1.ca.comcast.net) (Client Quit)
  571. # [16:36] * Joins: aaronlev_ (n=chatzill@e180228045.adsl.alicedsl.de)
  572. # [16:49] * Joins: mstange (n=markus@aixd3.rhrk.uni-kl.de)
  573. # [16:49] <zcorpan> hey punctation is allowed in encoding declarations
  574. # [16:49] <zcorpan> you can make smileys out of encoding names
  575. # [16:50] <zcorpan> ~u_^t^_f8
  576. # [16:52] * Quits: jmb^ (n=jmb@login.ecs.soton.ac.uk) (Remote closed the connection)
  577. # [16:52] * Joins: jmb (n=jmb@login.ecs.soton.ac.uk)
  578. # [16:53] <Lachy> zcorpan, I can't see how that example you gave can be seen as a smiley?
  579. # [16:54] * Quits: Hish (n=chatzill@mail2.n-e-s.de) (Read error: 104 (Connection reset by peer))
  580. # [16:56] <zcorpan> Lachy: dunno, come up with something better :)
  581. # [16:56] * Quits: aaronlev (n=chatzill@f051078123.adsl.alicedsl.de) (Read error: 110 (Connection timed out))
  582. # [16:56] * Joins: sverrej (n=sverrej@cm-84.208.153.202.getinternet.no)
  583. # [17:00] <zcorpan> hey you could even have multiline ascii art
  584. # [17:01] * hsivonen can't wait to debug input with multiline ascii art charsets
  585. # [17:02] <hsivonen> w00t. the C++ version of the HTML5 parser *finally* links all the way
  586. # [17:02] <Dashiva> Is newline allowed, though?
  587. # [17:02] <hsivonen> any language that doesn't have C++-style linkage must give a huge productivity boost compared to C++
  588. # [17:03] <Lachy> zcorpan, where in the spec does it say punctation is allowed?
  589. # [17:03] <Lachy> is it that they're ignored for the parsing requirements, or that they're considered conforming too?
  590. # [17:04] <zcorpan> "The value must be a valid character encoding name, and must be the preferred name for that encoding."
  591. # [17:05] <zcorpan> hsivonen: validator.nu doesn't complain about punctation
  592. # [17:05] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Remote closed the connection)
  593. # [17:05] * Joins: jmb (n=jmb@login.ecs.soton.ac.uk)
  594. # [17:06] <Lachy> zcorpan, how do you interpret that as allowing punctuation?
  595. # [17:06] <hsivonen> zcorpan: thanks. I filed http://bugzilla.validator.nu/show_bug.cgi?id=337
  596. # [17:06] <zcorpan> Lachy: i don't :)
  597. # [17:06] <Lachy> wtf? You said "punctation is allowed in encoding declarations"
  598. # [17:06] <zcorpan> yeah, i was mistaken
  599. # [17:06] <zcorpan> i was just playing around in v.nu
  600. # [17:06] <Lachy> oh
  601. # [17:07] <Philip`> yecril71: The thread around http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-June/014984.html discusses the IE heading CSS bug, and that post suggests a simple workaround, but I guess Hixie cares more about the theoretical purity of the spec's markup than about its impact on users :-)
  602. # [17:08] * Quits: Maurice (n=ano@a80-101-46-164.adsl.xs4all.nl) ("Disconnected...")
  603. # [17:10] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("This computer has gone to sleep")
  604. # [17:11] * Quits: yecril71 (n=giecrilj@piekna-gts.2a.pl) (Read error: 110 (Connection timed out))
  605. # [17:16] * Joins: jmb^ (n=jmb@login.ecs.soton.ac.uk)
  606. # [17:16] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Read error: 104 (Connection reset by peer))
  607. # [17:19] * Joins: aroben (n=adamrobe@c-69-142-103-232.hsd1.pa.comcast.net)
  608. # [17:25] * Quits: aaronlev_ (n=chatzill@e180228045.adsl.alicedsl.de) ("ChatZilla 0.9.83-rdmsoft [XULRunner 1.9.0.1/2008072406]")
  609. # [17:27] * Joins: Lachy (n=Lachlan@85.196.122.246)
  610. # [17:38] * Quits: pesla (n=retep@procurios.xs4all.nl) ("( www.nnscript.com :: NoNameScript 4.21 :: www.esnation.com )")
  611. # [17:44] * Joins: smedero (n=smedero@mdp-nat251.mdp.com)
  612. # [17:51] * Joins: sbublava (n=stephan@77.117.1.209.wireless.dyn.drei.com)
  613. # [17:53] * Joins: dglazkov (n=dglazkov@nat/google/x-6eb211a951f14c72)
  614. # [17:58] * Quits: zcorpan (n=zcorpan@pat.se.opera.com)
  615. # [18:03] * Joins: Maurice (i=copyman@5ED548D4.cable.ziggo.nl)
  616. # [18:13] * jmb^ is now known as jmb
  617. # [18:37] * Joins: BenMillard (n=cerbera@cpc1-flee1-0-0-cust285.glfd.cable.ntl.com)
  618. # [18:49] <BenMillard> Lachy, I sometimes manage to make graphical websites which support Fx2, Fx3, O9, most recent Safari, IE6 and IE7 without hacks (re: http://krijnhoetmer.nl/irc-logs/whatwg/20081126#l-395)
  619. # [18:49] <BenMillard> usually, the show-stoppers aren't really CSS problems, it's fundamental breakage in the rendering engine :)
  620. # [18:49] * Quits: sbublava (n=stephan@77.117.1.209.wireless.dyn.drei.com)
  621. # [18:50] * Philip` can't even make non-graphical sites without finding browser bugs :-(
  622. # [18:50] <BenMillard> usually there are multiple ways of getting the same visual effect, like yecril71 points out
  623. # [18:51] <BenMillard> and when the job has a requirement that it *must* look correct in that set of browsers before your client pays you, well, you learn to compromise :)
  624. # [18:51] * Joins: maikmerten (n=maikmert@L8127.l.pppool.de)
  625. # [18:54] <BenMillard> yecril71, in applications on Windows, the equivalent of <fieldset> is called Frame (at least in VB6) and you add it to a form (aka window) as a control (aka a form control)
  626. # [18:54] <BenMillard> more specifically, it's a "container control" along with PictureBox, TabStrip and suchlike
  627. # [18:55] * Quits: dave_levin (n=dave_lev@72.14.224.1)
  628. # [18:57] <BenMillard> krijnh, linkification stopped short by [ character: http://krijnhoetmer.nl/irc-logs/whatwg/20081126#l-424
  629. # [18:58] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
  630. # [19:04] * Joins: erlehmann (n=erlehman@dslb-088-072-029-214.pools.arcor-ip.net)
  631. # [19:04] * Joins: aroben (i=aroben@unaffiliated/aroben)
  632. # [19:05] <BenMillard> Philip`, using position:relative on elements with negative margins is how I thought it was supposed to work, because I'm so used to doing that for IE :P
  633. # [19:06] <BenMillard> sometimes I use a negative top or left value instead of negative margin, due to margin bugs
  634. # [19:14] * Quits: mstange (n=markus@aixd3.rhrk.uni-kl.de) ("ChatZilla 0.9.84 [Firefox 3.1b2pre/20081124033940]")
  635. # [19:17] * Joins: dave_levin (n=dave_lev@72.14.227.1)
  636. # [19:17] * Quits: ap (n=ap@195.239.126.10)
  637. # [19:19] * Philip` gets down to 3.6MB for an animated visualisation of the internal links in every 5th revision of the HTML 5 spec since its history began, which doesn't seem too bad
  638. # [19:19] * aroben is now known as aroben|lunch
  639. # [19:19] <Philip`> BenMillard: Why does position:relative help in those cases?
  640. # [19:22] * Quits: weinig (n=weinig@cpe-66-65-132-93.nyc.res.rr.com)
  641. # [19:23] * gsnedders wonders if that is danbri in one of his TPAC photos
  642. # [19:24] <gsnedders> No, it isn't.
  643. # [19:30] <BenMillard> Philip`, various strange things start working properly with position:relative in IE...often inexplicably :)
  644. # [19:30] <BenMillard> (like graphical bullets on list items in semi-arbitrary conditions)
  645. # [19:32] * Joins: virtuelv (n=virtuelv@163.80-202-65.nextgentel.com)
  646. # [19:39] * Quits: mpt (n=mpt@canonical/launchpad/mpt) ("Leaving")
  647. # [19:44] * Joins: kangax (n=kangax@74.201.136.194)
  648. # [19:54] * Joins: dbaron (n=dbaron@corp-241.mountainview.mozilla.com)
  649. # [19:54] <hsivonen> do I read the html5lib correctly when I think it sanizes by discarding tokens before the tree builder?
  650. # [19:54] <hsivonen> s/html5lib/html5lib source/
  651. # [19:55] * Quits: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net) ("The computer fell asleep")
  652. # [19:55] * Joins: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net)
  653. # [19:58] <jgraham> hsivonen: Yes
  654. # [19:59] <hsivonen> jgraham: does it discard script content?
  655. # [19:59] <jgraham> hsivonen: I believe so
  656. # [20:00] <jgraham> (but I guess there may be bugs)
  657. # [20:03] <hsivonen> It seems that the dominant design of HTML sanitizers is to throw stuff away between the tokenizer and the tree builder
  658. # [20:04] <hsivonen> Hixie: looks like different rules are called for here compared to the infoset coercion stuff
  659. # [20:04] <hsivonen> (not to suggest that HTML5 should prescribe the rules, but anyway)
  660. # [20:05] <sayrer> hsivonen, have you tested the new IE8 method?
  661. # [20:06] <hsivonen> sayrer: nope. What's the new IE8 method?
  662. # [20:06] <sayrer> hsivonen, toSafeHTML or some such
  663. # [20:06] <sayrer> hsivonen, yeah, that's it
  664. # [20:08] <hsivonen> "Update 11/20/08: changed reference to toSafeHTML to toStaticHTML" says IE blog
  665. # [20:09] <hsivonen> hmm. string to string method
  666. # [20:10] <hsivonen> sayrer: this is mail&news stuff, isn't it: http://mxr.mozilla.org/mozilla-central/source/content/base/src/mozSanitizingSerializer.cpp
  667. # [20:10] <sayrer> hsivonen, yeah. I decided I couldn't use that, way back when. Don't remember why.
  668. # [20:10] <hsivonen> sayrer: ok
  669. # [20:11] <hsivonen> I should test toStaticHTML to see what it actually does
  670. # [20:11] <hsivonen> thanks
  671. # [20:12] * Quits: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
  672. # [20:13] * Joins: dimich (n=dimich@72.14.227.1)
  673. # [20:17] <gsnedders> http://www.flickr.com/photos/gsnedders/3061950334/
  674. # [20:17] <gsnedders> http://www.flickr.com/photos/gsnedders/3061106047/
  675. # [20:17] <gsnedders> who are those someones?
  676. # [20:17] <hsivonen> gsnedders: in 3061950334 Felix Sasaki
  677. # [20:17] <hsivonen> gsnedders: in 3061106047 Steve Zilles
  678. # [20:25] <sayrer> hsivonen, I may have run screaming from http://mxr.mozilla.org/mozilla-central/source/content/base/src/mozSanitizingSerializer.cpp#474
  679. # [20:26] <sayrer> and also the pref parsing
  680. # [20:27] <hsivonen> sayrer: seems to be the wrong way round...
  681. # [20:34] * Joins: KevinMarks (n=KevinMar@216.239.45.19)
  682. # [20:40] <gsnedders> hsivonen: ah, thx
  683. # [20:56] * Quits: Lachy (n=Lachlan@85.196.122.246) ("This computer has gone to sleep")
  684. # [20:58] * Quits: kangax (n=kangax@74.201.136.194)
  685. # [21:17] * aroben|lunch is now known as aroben
  686. # [21:19] <hsivonen> http://groups.google.com/group/mozilla.dev.planning/msg/f2dd45413cc68413
  687. # [21:20] * Quits: BenMillard (n=cerbera@cpc1-flee1-0-0-cust285.glfd.cable.ntl.com)
  688. # [21:24] <hsivonen> Hixie: am reading the spec correctly that it's OK to have an event loop spin between document.close() and the tokenizer emitting the EOF?
  689. # [21:25] * Quits: aroben (i=aroben@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
  690. # [21:25] * gsnedders wonders if he gets a VPS how quickly he'll screw it up
  691. # [21:25] * Joins: weinig (n=weinig@pool-71-167-7-222.nycmny.fios.verizon.net)
  692. # [21:26] <gsnedders> hsivonen: that is lovely.
  693. # [21:29] * weinig is now known as weinig|away
  694. # [21:36] * Joins: KrocCamen (n=kroc@80-194-189-199.cable.ubr03.craw.blueyonder.co.uk)
  695. # [21:49] * Joins: shepazu (n=schepers@c-98-230-27-112.hsd1.fl.comcast.net)
  696. # [21:49] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
  697. # [21:51] <Philip`> gsnedders: You can always just reinstall it once you break everything
  698. # [21:51] <gsnedders> Philip`: :P
  699. # [21:52] * Philip` discovered Ubuntu has "ufw", which makes firewall configuration actually sane - you say stuff like "ufw allow 80/tcp" and it does what you want, and you don't have to even know what iptables are
  700. # [21:56] * Joins: Lachy (n=Lachlan@85.196.122.246)
  701. # [21:57] <gsnedders> wow
  702. # [22:00] * Joins: nessy (n=nessy@124-168-156-5.dyn.iinet.net.au)
  703. # [22:02] * Quits: maikmerten (n=maikmert@L8127.l.pppool.de) (Client Quit)
  704. # [22:02] * Quits: virtuelv (n=virtuelv@163.80-202-65.nextgentel.com) (Read error: 110 (Connection timed out))
  705. # [22:06] * Joins: epeus (n=KevinMar@nat/google/x-c7df243871ef63f8)
  706. # [22:13] * Quits: ROBOd (n=robod@89.122.216.38) ("http://www.robodesign.ro")
  707. # [22:13] * Quits: KevinMarks (n=KevinMar@216.239.45.19) (Connection timed out)
  708. # [22:29] * Quits: shepazu (n=schepers@c-98-230-27-112.hsd1.fl.comcast.net)
  709. # [22:30] <Hixie> hsivonen: not only is it ok, it is required, because the tokeniser only emits stuff as part of the event loop
  710. # [22:34] <hsivonen> Hixie: doesn't the tokenizer emit non-EOF tokens immediately on first-level document.write()?
  711. # [22:34] <Hixie> yeah but that is still originally part of an event loop step
  712. # [22:34] <hsivonen> Hixie: but it's good that a spin is OK with document.close()
  713. # [22:35] <hsivonen> ok
  714. # [22:36] * Quits: dolske (n=dolske@firefox/developer/dolske) ("Leaving...")
  715. # [22:55] * Quits: nessy (n=nessy@124-168-156-5.dyn.iinet.net.au) ("This computer has gone to sleep")
  716. # [23:05] <krijnh> BenMillard: fixed, thanks
  717. # [23:07] <Dashiva> That was a short-lived feature (@html-auth)
  718. # [23:12] * Philip` apologises for helping kill it
  719. # [23:12] * Quits: smedero (n=smedero@mdp-nat251.mdp.com)
  720. # [23:15] <Philip`> (Actually I'm blame Julian, for originally suggesting that there could be a security issue)
  721. # [23:16] <Dashiva> Jonas would've picked up the slack anyhow, it seems :)
  722. # [23:16] <sicking> off with its head!
  723. # [23:19] <Dashiva> sicking: Do you have a secret new proposal that will rock our socks?
  724. # [23:19] * Quits: Maurice (i=copyman@5ED548D4.cable.ziggo.nl) ("Disconnected...")
  725. # [23:19] <sicking> nothing secret
  726. # [23:19] <sicking> i've argued for something like OpenID for a while, just not very heavily
  727. # [23:20] <sicking> OpenID, the way it looks like now, with all its redirects and stuff, is no good though
  728. # [23:20] <sicking> but there a lot that can be done if we build it into the browser
  729. # [23:20] <sicking> basically we need something like microsofts CardSpace, but as a more open platform
  730. # [23:22] * Joins: hdh (n=hdh@118.71.125.105)
  731. # [23:22] <Dashiva> Does cardspace avoid the "phishing enabling" of current openid?
  732. # [23:23] * Joins: doublec (n=chris@202.0.36.64)
  733. # [23:24] <sicking> that is my understanding
  734. # [23:24] * Joins: nessy (n=nessy@115.128.8.58)
  735. # [23:24] <sayrer> sicking, how so?
  736. # [23:24] <sicking> however, i have not heard what all the complaints about neither cardspace nor openid are, so it's entirely possible that neither of them are very close to what we need
  737. # [23:25] <sicking> sayrer, you don't type a password, you just click on an image to choose which identity to use
  738. # [23:25] <sayrer> that is good
  739. # [23:25] <sayrer> fwiw, I did like the idea of using the 401 body for this
  740. # [23:25] <hsivonen> sicking: I think it would need to degrade gracefully into the current OpenID experience in browsers that don't implement the future thing
  741. # [23:25] <Lachy> Philip`, I find it difficult to believe that anyone would be stupid enough to introduce a XSS bug into a 401 page, especially because it's effectivly saying you need to log in before you can do anything
  742. # [23:25] <sayrer> only Safari is broken w.r.t. that extension point
  743. # [23:26] <sicking> hsivonen, it needs to degrade into something for sure
  744. # [23:26] <hsivonen> sicking: so in that sense, seeking to put the hook into the OpenID ID provider code might work
  745. # [23:26] <Lachy> and the XSS attack you outlined would need so many different bugs to occur in just the right way, it seems highly unlikely
  746. # [23:26] <hsivonen> but that would mean users would have to enter a URI into a field still
  747. # [23:26] <hsivonen> unless the field can be reliably autocompleted by the browser, too
  748. # [23:26] <sayrer> I had the idea that the 401 body should be the non-existant notion of svg static
  749. # [23:27] <sayrer> so browsers can create a difficult to simulte UI
  750. # [23:27] <sayrer> and show a little bit of branding next to it
  751. # [23:27] * weinig|away is now known as weinig
  752. # [23:27] <hsivonen> what's svg static?
  753. # [23:28] <sayrer> svg with scripting, animation, fonts, etc
  754. # [23:28] <sayrer> er
  755. # [23:28] <sayrer> witout
  756. # [23:28] <sayrer> without
  757. # [23:28] <hsivonen> ah
  758. # [23:28] <sayrer> there is no subset that matches that
  759. # [23:28] <sayrer> but I'm thinking full-screen shadowed / UI box
  760. # [23:28] <sayrer> I guess flash or quicktime might be coerced
  761. # [23:28] <sayrer> to do that
  762. # [23:28] <sayrer> but it would be much harder
  763. # [23:29] <Lachy> although I'm still glad the www-authenticate feature was removed, since it seemed quite useless in practice for all but a very niche market
  764. # [23:30] <Philip`> Lachy: It doesn't seem implausible that someone would have e.g. login.php?return=... which gives you the login form with a <a href="$return">Go back</a> and returns 401 and WWW-Authenticate HTML because they want to tell bots to log in that way, and introduce the XSS hole that way
  765. # [23:30] <Philip`> Lachy: and I don't see what bugs the attack needs, other than the XSS one
  766. # [23:30] * Quits: heycam (n=cam@203-217-88-133.dyn.iinet.net.au) ("bye")
  767. # [23:31] <Philip`> Lachy: Also, you shouldn't underestimate people's stupidity :-p
  768. # [23:33] <Lachy> it requires the bot to access the page via a URL which exploits the XSS attacks
  769. # [23:34] <Philip`> Bots follow links, and it's trivial to put a link onto most people's sites
  770. # [23:34] <Lachy> that may depend on the purpose of the bot, and where it was following links from
  771. # [23:34] <Philip`> (via blog comments, or referrer logs, or whatever)
  772. # [23:34] <Philip`> The purpose of the bot is to follow all the links it can find on the site :-)
  773. # [23:35] <sayrer> could just turn of scripts on 401 pages
  774. # [23:35] <Philip`> sayrer: There aren't any scripts involved here
  775. # [23:35] <sayrer> oh I see
  776. # [23:36] <Lachy> I suppose a such a link could occur on the site itself if it allowed user generated content of some kind
  777. # [23:36] <Lachy> and only used the 401 to prevent access to member areas
  778. # [23:38] <Lachy> it may not be a new problem though. If there are bots that perform this kind of log in already, by being manually configured with the form name, they would be vulnerable to the same attack
  779. # [23:38] <Lachy> although without the www-authenticate header advertising that, it's less likely
  780. # [23:39] <Lachy> but the same attack could be used against users by getting them to follow the link
  781. # [23:40] * Quits: erlehmann (n=erlehman@dslb-088-072-029-214.pools.arcor-ip.net) ("Ex-Chat")
  782. # [23:41] <Philip`> It's not a problem unique to WWW-Authenticate, but WWW-Authenticate was designed in a way that encourages behaviour that would encounter that problem
  783. # [23:46] * fakeolliej is now known as olliej
  784. # [23:54] * Joins: ginger (n=nessy@115.129.8.203)
  785. # [23:54] * Joins: heycam (n=cam@clm-laptop.infotech.monash.edu.au)
  786. # [23:55] * Quits: mpt (n=mpt@canonical/launchpad/mpt) ("Leaving")
  787. # [23:59] <Hixie> i hven't removed it yet btw
  788. # Session Close: Thu Nov 27 00:00:00 2008

The end :)