| 30 Sep 2022 |
 annevk | Domenic: for CORS and new APIs we wanted to avoid it | 08:35:05 |
| annevk | Domenic: stripping could work too btw, but have to be careful with redirects and service workers | 08:38:40 |
 Domenic |
If there’s an authentication entry for httpRequest and either httpRequest’s use-URL-credentials flag is unset or httpRequest’s current URL does not include credentials, then set authorizationValue to authentication entry.
This is not great, "authentication entry" is a concept but I think it's saying to extract the credentials from the URL... Will file an editorial issue I guess.
| 08:39:04 |
| annevk | Domenic: well an authentication entry is the user agent having authorization data for some URL, but if there's also credentials in the URL itself those might override that | 08:40:33 |
| annevk | Domenic: those used to be the semantics, but I'm not really sure what has happened in the intervening years as there's been a bunch of interventions with poor cross-browser coordination | 08:41:05 |
| Domenic | Yeah I mean I'd at least expect this to say "the authentication entry for the URL", ideally with an algorithm detailing how to extract the username/password components from the URL itself. | 08:41:16 |
| annevk | Yeah, there's definitely a bunch of XXX around this | 08:42:41 |
| Domenic | OK, two issues and a PR later, I think I'm done shaving this yak... | 08:52:45 |
 sideshowbarker | speaking of yak shaving… let me present https://github.com/whatwg/html/pull/8338 | 08:59:29 |
| sideshowbarker | PR-preview rendered output at https://whatpr.org/html/8338/syntax.html#start-tags (step 6) | 09:00:07 |
| sideshowbarker | * PR-preview rendered output at https://whatpr.org/html/8338/syntax.html#start-tags (step 6)
Then, if the element is one of the void elements, or if the element is a foreign element, then there may be a single U+002F SOLIDUS character (/), which on foreign elements marks the start tag as self-closing but on void elements does not mark the start tag as self-closing but instead is unnecessary and has no effect of any kind and should be used only with caution — especially since, if directly preceded by an unquoted attribute value, it becomes part of the attribute value rather than being discarded by the parser.
| 09:03:09 |
| sideshowbarker | * PR-preview rendered output at https://whatpr.org/html/8338/syntax.html#start-tags (step 6)
Then, if the element is one of the void elements, or if the element is a foreign element, then there may be a single U+002F SOLIDUS character (/), which on foreign elements marks the start tag as self-closing but on void elements does not mark the start tag as self-closing but instead is unnecessary and has no effect of any kind and should be used only with caution — especially since, if directly preceded by an unquoted attribute value, it becomes part of the attribute value rather than being discarded by the parser.
| 09:04:07 |
|  Ms2ger 💉💉💉 changed their display name from Ms2ger 💉💉 to Ms2ger 💉💉💉. | 11:12:58 |
 karlcow | would there be a use case for this.
such as, no we do not want to let you put your login and password in there, but the request is going through and the site will send you an authentification challenge instead for this URL so you can log in more securely instead of just failing. | 11:17:10 |
 Jake Archibald | sideshowbarker: https://twitter.com/mcmillanstu/status/1575579706556002304 😀 | 11:36:45 |
| sideshowbarker | In reply to @jakea:matrix.org
sideshowbarker: https://twitter.com/mcmillanstu/status/1575579706556002304 😀 Thanks 😆 I think I like this guy — but I think I’m also glad he and others don’t know who’s actually guilty (or where I live)… | 11:41:11 |
|  sdkaluwitharana joined the room. | 14:54:48 |
|  Drew Hintz joined the room. | 17:51:51 |
| Drew Hintz | Hi! Is there a process for asking for a review/merge on html5lib-python?
I opened a small low-risk PR: https://github.com/html5lib/html5lib-python/pull/547 | 17:53:42 |
| sideshowbarker | Sam Sneddon [:gsnedders]: ↑ | 21:31:23 |
| karlcow | better to ask jgraham for this PR. | 21:34:50 |
| 1 Oct 2022 |
|  Gersonzao set a profile picture. | 00:22:38 |
| annevk | Domenic: can you get me one of these? https://twitter.com/googlejapan/status/1576014429845594113 | 15:02:55 |
|  Faby Torres joined the room. | 22:59:37 |
|  martin (pto until 6/10) changed their display name from martin to martin (pto until 6/10). | 23:26:26 |
| 2 Oct 2022 |
| Domenic | Is that real?? They keep creating fun keyboard April Fools like https://www.youtube.com/watch?v=5LI1PysAlkU but the day is not April 1... | 05:43:37 |
| Domenic | Last October 1 there was a cup keyboard so maybe October 1 is a special day?? https://www.youtube.com/watch?v=20pC05yisRM | 05:46:01 |
| Domenic | (Maybe this is what threads are for...) | 05:46:11 |
| sideshowbarker | I guess https://github.com/whatwg/html/pull/8344 marks the start of Hacktoberfest… | 06:55:47 |
| Domenic | It's opt-in this year so I'm a bit more optimistic... but we'll see how many people read the directions. | 07:09:51 |
