Re: [whatwg] Obsolete Feature [hgroup]

On 02/17/2015 03:15 PM, Barry Smith wrote: *snip* As far as validation, a document with the hgroup element will not pass when using the W3C Markup Validation Service. *snip* Thank You For Your Time, Barry Smith WHATWG is not W3C W3C dropped the ball (imho) and HTML became stagnant

[whatwg] HTML Microdata

as I can tell, that is the right way to implement this type of thing. It should at least be an option. Michael A. Peters

Re: [whatwg] HTML6 proposal for single-page apps without Javascript

On 03/20/2015 02:10 AM, Bobby Mozumder wrote: There’s a standard design pattern emerging via all the front-end javascript frameworks where content is loaded dynamically via JSON APIs. This is the single-page app web design pattern. Everyone’s into it because the responsiveness is so much

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

On 03/07/2015 03:40 PM, Michael A. Peters wrote: Especially crypto-currencies where even on Linux systems, the client is often not under a package management system control and may be out of date. QR codes pose the same problem but it is more difficult to trick a user into scanning a QR

Re: [whatwg] URI scheme whitelisting and the case of cryptocurrencies

On 03/07/2015 11:50 AM, Krzysztof Jurewicz wrote: *snip* What are your thoughts about that? Are there any security considerations preventing the whitelist solution? Or maybe a more general one should be worked out? I do not allow bitcoin: on my servers, nor anything except for http,

Re: [whatwg] HTML6 single-page apps without Javascript proposal now on Github

I see JavaScript as a useful tool that is seriously abused by many devs, I'm against this. But if you do it, make damn sure it has proper CSP support. On March 24, 2015 2:18:53 AM PDT, Bobby Mozumder mozum...@futureclaw.com wrote: https://github.com/mozumder/HTML6 I’ll be updating that Github

Re: [whatwg] HTML6 single-page apps without Javascript proposal now on Github

On 03/24/2015 04:50 PM, Michael A. Peters wrote: I see JavaScript as a useful tool that is seriously abused by many devs, I'm against this. But if you do it, make damn sure it has proper CSP support. I would like to clarify that when I say I am against this, I am not opposed

Re: [whatwg] HTML6 single-page apps without Javascript proposal now on Github

On 03/25/2015 12:39 AM, Janusz Majnert wrote: OK. This makes no sense for me. So you propose that the server does simple translation of SQL from url to actual query, but you don't see any security issue with this? If on the other hand you're proposing that the server validates the sql sent

Re: [whatwg] scrap the srcset attribute

On 03/02/2015 09:47 AM, Tab Atkins Jr. wrote: This is much easier to write and to maintain Is it really? With a simple key=value pair, I can: $src = trim($node-getAttribute('src'); Then I can check it - if it is relative, I can change it to reference the cdn. If it is not local, I can

[whatwg] scrap the srcset attribute

Dear WHATWG, Scrap the srcset attribute. Traditionally in HTML, and in every instance of XML I have personally worked with, an element's attribute is a key=value pair. Okay the type attribute for source node in audio and video, sometimes it has codecs specified there too - but that's the only

Re: [whatwg] resize events on elements

On 02/23/2015 05:40 PM, Dean Jackson wrote: At the recent Houdini meeting there was a vague agreement between the browser engines on adding a way for elements to be notified when their size changes. We've run into a number of scenarios where this is extremely useful, and is otherwise

Re: [whatwg] HTML6 proposal for single-page apps without Javascript

On 03/27/2015 06:51 PM, Miles Fidelman wrote: I've been reading through the discussion thread, all of which seems to jump immediately into the weeds of specific details of the proposal. I'm amazed that nobody has yet commented on the implicit premise, which I read as: - JavaScript is a

Re: [whatwg] HTML6 proposal for single-page apps without Javascript

On 04/02/2015 04:08 AM, Andrea Rendine wrote: sarcasmWell, this means that we must also simplify CSS, don't you think so? all that stuff about media queries, about animation and transitions, pseudo-elements, pseudo-classes, how can poor Tumblr users learn that?/sarcasm Oh god yes, I like

Re: [whatwg] JavaScript Hovers and Back Button

the tab or quitting the browser. On 04/13/2016 12:54 PM, Jonathan Zuckerman wrote: I have heard of a lot of abuses but never actually come across this particular one, can you point us to a site that demonstrates it? On Wed, Apr 13, 2016 at 3:53 PM, Michael A. Peters <mpet...@domblogger.

Re: [whatwg] JavaScript Hovers and Back Button

they feel like they have no control. It's effing stupid that anyone ever thought it was a good idea to let JavaScript disable the standard browser controls. As browsers have done that, it needs to be specified that JavaScript can't do that. On 04/13/2016 12:44 PM, Michael A. Peters wrote: It needs

[whatwg] JavaScript Hovers and Back Button

It needs to be made very clear as a web standard that no JavaScript action can disable UI functions such as the back button. A very common abuse is that when pulling the mouse to hit the back button because you are not interested in a page, a hover comes up and when the hover comes up, the

[whatwg] Push API and Endpoints

I'm starting to play with Push API and it dawned on me - The client retrieves the enpoint from the browser and sends it to the web application server. The web application server then sends data to the endpoint, using the data provided by the client. Is there any mechanism by which the

Re: [whatwg] How can a server or serverside script identify if a request is from a page, iframe or xhr?

On 11/01/2016 02:42 AM, Roger Hågensen wrote: I was wondering how can a server or script identify if a request is from page, iframe or xhr? Doing this would not prevent any XSS attacks, but it would allow a server/server-side script to detect a potential XSS attack. I could not find any

Re: [whatwg] possible new parameters to video.play() ?

On 09/19/2016 07:41 AM, Simon Pieters wrote: There is always room for adding convenience APIs, it's a matter of demonstrating that it's a common enough need to make it worth the cost of adding it. https://wiki.whatwg.org/wiki/FAQ#Where.27s_the_harm_in_adding.E2.80.94 HTH, * OFF TOPIC *

Re: [whatwg] How can a server or serverside script identify if a request is from a page, iframe or xhr?

On 11/01/2016 03:32 AM, Roger Hågensen wrote: On 2016-11-01 10:42, Roger Hågensen wrote: I was wondering how can a server or script identify if a request is from page, iframe or xhr? I really hate answering myself (and so soon after making a post) but it seems I have found the answer at

Re: [whatwg] Media query for bandwidth ??

On 12/09/2016 06:14 PM, Florian Rivoal wrote: On Dec 9, 2016, at 23:07, Michael A. Peters <mpet...@domblogger.net> wrote: This was inspired by inspection of a style-sheet in the wild that uses screen-width to try and reduce bandwidth needs of mobile devices. I like the concept, but very

[whatwg] Media query for bandwidth ??

This was inspired by inspection of a style-sheet in the wild that uses screen-width to try and reduce bandwidth needs of mobile devices. I like the concept, but very often I use my mobile devices where bandwidth doesn't matter and my laptop via a mifi where bandwidth does matter. I would

Re: [whatwg] Media query for bandwidth ??

d the feature you're asking for using existing parts. It's not baked into the platform, but because of the nature of the web and vagueness of the requirements, I'm not sure it's possible to do any better. On Fri, Dec 9, 2016 at 9:07 AM Michael A. Peters <mpet...@domblogger.net> wrote: This

Re: [whatwg] Media query for bandwidth ??

s of the requirements, I'm not sure it's possible to do any better. On Fri, Dec 9, 2016 at 9:07 AM Michael A. Peters <mpet...@domblogger.net> wrote: This was inspired by inspection of a style-sheet in the wild that uses screen-width to try and reduce bandwidth needs of mobile devices. I li

Re: [whatwg] Media query for bandwidth ??

On 12/09/2016 09:03 AM, Boris Zbarsky wrote: On 12/9/16 5:57 AM, Michael A. Peters wrote: max-height and max-width and orientation change, but device-width does not change. Just as a point of fact, device-width can absolutely change. The simplest case is a two-monitor setup with the window

Re: [whatwg] Media query for bandwidth ??

the document to trigger the css rules for that experience, so you can build the feature you're asking for using existing parts. It's not baked into the platform, but because of the nature of the web and vagueness of the requirements, I'm not sure it's possible to do any better. On Fri, Dec 9, 2

Re: [whatwg] Media query for bandwidth ??

That way it can be more easily vetted and tested. [1] https://dvcs.w3.org/hg/dap/raw-file/tip/network-api/Overview.html On Fri, Dec 9, 2016 at 12:43 PM Michael A. Peters <mpet...@domblogger.net> wrote: On 12/09/2016 09:03 AM, Boris Zbarsky wrote: On 12/9/16 5:57 AM, Michael A. Peters wrot

Re: [whatwg] Media query for bandwidth ??

://dvcs.w3.org/hg/dap/raw-file/tip/network-api/Overview.html On Fri, Dec 9, 2016 at 12:43 PM Michael A. Peters <mpet...@domblogger.net> wrote: On 12/09/2016 09:03 AM, Boris Zbarsky wrote: On 12/9/16 5:57 AM, Michael A. Peters wrote: max-height and max-width and orientation change, but device

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

cross-domain? Is the UA not a logical and uniform place for this? BTW I've also experienced the CitHub topic-closure nazis many times :-( On Fri, Dec 2, 2016 at 10:42 AM, Michael A. Peters <mpet...@domblogger.net> wrote: Well if it was done as a header, I suppose it could be added as

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

Well if it was done as a header, I suppose it could be added as a http-equiv meta tag for those who want to. Header is the easiest solution to make sure it is applied everywhere without question. It could even be added at the front-end proxy to cover numerous web applications on many domains

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 12/01/2016 06:14 PM, Elliott Sprehn wrote: On Wed, Nov 30, 2016 at 10:53 PM, Boris Zbarsky wrote: On 12/1/16 1:41 AM, Chris Holland wrote: I think the devil would be in implementation detail. Slapping a "rel/noopener" attribute on a specific link is very deterministic

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 12/01/2016 05:39 PM, Domenic Denicola wrote: From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Ian Hickson I believe that's a bit of an overstatement. There are certainly risks involved in window.opener (they're briefly discussed in the spec itself), but it doesn't remove

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 11/30/2016 05:23 PM, Ian Hickson wrote: On Wed, Nov 30, 2016 at 4:49 PM Michael A. Peters <mpet...@domblogger.net> wrote: Right now the specification for window.opener() is seriously insecure, allowing for cross-domain script access by default. I believe that's a bit of an oversta

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 11/30/2016 06:21 PM, Michael A. Peters wrote: On 11/30/2016 05:23 PM, Ian Hickson wrote: On Wed, Nov 30, 2016 at 4:49 PM Michael A. Peters <mpet...@domblogger.net> wrote: Right now the specification for window.opener() is seriously insecure, allowing for cross-domain script

[whatwg] WhatWG is broken

https://www.w3.org/TR/html-design-principles/#priority-of-constituencies 3.2. Priority of Constituencies In case of conflict, consider users over authors over implementors over specifiers over theoretical purity. In other words costs or difficulties to the user should be given more weight

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 12/02/2016 08:47 AM, Boris Zbarsky wrote: On 12/2/16 11:34 AM, Michael A. Peters wrote: It seems that CSP behavior has radically changed since the last time I looked at it I can't speak to when you last looked at it, but the current state shipping in browsers is, as far as I know

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

On 12/02/2016 08:23 AM, Boris Zbarsky wrote: On 12/2/16 11:01 AM, Michael A. Peters wrote: Personally I love CSP but it does not allow inline scripts or inline CSS Only if you say to not allow them. The default behavior allows them. For example, this disallows inline scripts, because script

Re: [whatwg] window.opener security issues (Was: WhatWG is broken)

ential-management/ rely on this flaw? On Fri, Dec 2, 2016 at 11:44 AM, Michael A. Peters <mpet...@domblogger.net> wrote: If window.opener() did not work cross-domain then as far as I can tell that would be secure. On 12/01/2016 07:23 PM, Richard Maher wrote: I see what you're saying Mich

[whatwg] header for JSON-LD ???

I am (finally) starting to implement JSON-LD on a site, it generates a lot of data that is useless to the non-bot typical user. I'd prefer to only stick it in the head when the client is a crawler that wants it. Wouldn't it be prudent if agents that want JSON-LD can send a standardized

Re: [whatwg] header for JSON-LD ???

On 07/25/2017 02:29 PM, Qebui Nehebkau wrote: Wow, that was unnecessary. "Working with the web since the late 90s" doesn't intrinsically make you any more right or any better a web designer than some 12-year-old from Geocities. If maintaining your worldview depends on assuming that anyone who

Re: [whatwg] header for JSON-LD ???

On 07/25/2017 10:45 AM, Jonathan Zuckerman wrote: This suggestion might have more success with the W3C? I'm not completely clear on the politics and history of the two orgs, but it seems like the W3C has supported JSON-LD in the past, so they might have some interest in expanding it. On a

Re: [whatwg] header for JSON-LD ???

On 07/25/2017 02:42 PM, Qebui Nehebkau wrote: On 25 July 2017 at 17:32, Michael A. Peters <mpet...@domblogger.net> wrote: Nor does his assumption that I am "new" to the web somehow disqualify me from making suggestions with current use cases that could reduce the bloat o

Re: [whatwg] header for JSON-LD ???

run your proposal by a group that likes JSON-LD. Maybe public-rdf-comme...@w3.org referenced from https://www.w3.org/TR/json-ld/? Or an issue against https://github.com/json-ld/json-ld.org? Jeffrey On Fri, Jul 21, 2017 at 2:21 PM, Michael A. Peters <mpet...@domblogger.net> wrote: I am (f

Re: [whatwg] header for JSON-LD ???

On 07/23/2017 02:42 PM, Qebui Nehebkau wrote: On 23 July 2017 at 14:12, Michael A. Peters <mpet...@domblogger.net> wrote: It's a beautiful way to create structured data separate from the content, just like layout (CSS) is best kept separate from the content. [...] I wonder why

Re: [whatwg] header for JSON-LD ???

On 07/23/2017 03:33 PM, Michael A. Peters wrote: On 07/23/2017 02:42 PM, Qebui Nehebkau wrote: *snip* I can't speak for anyone else - I can barely speak for myself - but I think I'd argue that, intuitively, if your structured data isn't logically part of your content, there's a good chance

Re: [whatwg] header for JSON-LD ???

to displaying this information to humans? How can you justify displaying different content to different classes of user? On Sun, Jul 23, 2017 at 8:13 PM Michael A. Peters <mpet...@domblogger.net> wrote: On 07/23/2017 03:33 PM, Michael A. Peters wrote: On 07/23/2017 02:42 PM, Qebui Nehebkau wrote:

Re: [whatwg] header for JSON-LD ???

On 07/24/2017 04:43 PM, Qebui Nehebkau wrote: On 24 July 2017 at 19:21, Michael A. Peters <mpet...@domblogger.net> wrote: But if you define your structured data as attributes then information about the other 11 is not available to machines that fetch the page and want to know what th

Re: [whatwg] Allow alt attribute with the span element

On 10/06/2017 08:44 AM, Léonie Watson wrote: On 06/10/2017 11:26, Michael A. Peters wrote: Nope, no problem at all. That looks like a simple solution I did not find. Thank you. Note that you need to provide an explicit role on the span if you use aria-label to provide its accessible name

[whatwg] Allow alt attribute with the span element

With images, the alt attribute can and should be used to give a description of an image for users who can not see the image. With text, some glyphs are pictographs that have a meaning. For example, U+1F502 is a pictograph indicating single loop, but it is meaningless if you can not see it.

Re: [whatwg] Allow alt attribute with the span element

uld do exactly what you're asking for in the given scenario. On Fri, Oct 6, 2017 at 11:15 AM, Michael A. Peters <mpet...@domblogger.net <mailto:mpet...@domblogger.net>> wrote: With images, the alt attribute can and should be used to give a description of an image for users who can

Re: [whatwg] JavaScript function for closing tags

On 10/16/2017 10:08 AM, Roger Hågensen wrote: On 2017-10-14 10:13, Michael A. Peters wrote: I use TextTrack API but it's documention does not specify that it closes open tags within a cue, in fact I'm fairly certain it doesn't because some people use it for json and other related none tag

[whatwg] JavaScript function for closing tags

There does not seem to be a JavaScript API for closing open tags. This is problematic when dealing with WebVTT which does not require tags be closed. Where it is the biggest problem is when the document is being served as XML+XHTML I tried the following hack which seemed to be working:

Re: [whatwg] JavaScript function for closing tags

. On 10/14/2017 12:46 AM, Silvia Pfeiffer wrote: Hi Michael, It seems to me that the TextTrack API is made for this use case. Why does it not work for you? Cheers, Silvia. On Sat, Oct 14, 2017 at 4:36 PM, Michael A. Peters <mpet...@domblogger.net> wrote: There does not seem to be a JavaScri

Re: [whatwg] new tag and possible new aria role

Thank you! That does seem like it is exactly what I need. On 11/12/2017 12:11 AM, Yay295 wrote: I think the alertdialog role fits here. https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques/Using_the_alertdialog_role On Sun, Nov 12, 2017 at 1:03 AM, Michael A. Peters

Re: [whatwg] new tag and possible new aria role

: There is another problem with Modals on webpages. When there is a modal created through HTML and CSS, the user can still select items in the background by pressing tab. It seems that there is no good solution to prevent it. Am 12.11.2017 um 09:59 schrieb Michael A. Peters: Thank you! That does

Re: [whatwg] new tag and possible new aria role

wrote: There is another problem with Modals on webpages. When there is a modal created through HTML and CSS, the user can still select items in the background by pressing tab. It seems that there is no good solution to prevent it. Am 12.11.2017 um 09:59 schrieb Michael A. Peters: Thank you

[whatwg] new tag and possible new aria role

On webites that either are age restricted and/or have content that may be offensive to some people, often (but not as often as I'd like) there is a warning splashscreen that the server puts in the page if the user has not already agreed to see such content. One way to do this is with a div

Re: [whatwg] HTML tags for POEM and MUSIC LYRICS

On 12/11/2017 04:30 AM, Jirka Kosek wrote: On 11.12.2017 11:39, Christoph Päper wrote: As with and , HTML could also add or something similar to embed MusicXML. Lyrics are a subset of musical notation and poems are, arguably, a special kind of lyrics (or the other way around). This would