From 768b3268250cf7a237168103eb19716936008cd6 Mon Sep 17 00:00:00 2001 From: Brian Kardell <> Date: Fri, 31 Jan 2020 14:21:26 -0500 Subject: [PATCH 1/7] Rename HTMLOrSVGElement to reflect its wider use in MathML as well --- source | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/source b/source index d0ae6452289..75ad4c12c26 100644 --- a/source +++ b/source @@ -7114,9 +7114,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

Elements that have a nonce content attribute ensure that the crytographic nonce is only exposed to script (and not to side-channels like CSS attribute selectors) by extracting the value from the content attribute, moving it into an internal slot - named [[CryptographicNonce]], and exposing it to script via the - HTMLOrSVGElement interface mixin. Unless otherwise specified, the slot's value + HTMLOrForeignElement interface mixin. Unless otherwise specified, the slot's value is the empty string.

@@ -7128,13 +7128,13 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

The nonce IDL + data-dfn-for="HTMLOrForeignElement">nonce IDL attribute must, on getting, return the value of this element's [[CryptographicNonce]]; and on setting, set this element's [[CryptographicNonce]] to the given value.

Note how the setter for the nonce IDL attribute does not update the corresponding + data-x="dom-HTMLOrForeignElement-nonce">nonce IDL attribute does not update the corresponding content attribute. This, as well as the below setting of the nonce content attribute to the empty string when an element becomes browsing-context connected, is meant to prevent exfiltration of the nonce @@ -7142,11 +7142,11 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute issue #2369, where this behavior was introduced.

-

Whenever an element including HTMLOrSVGElement has its Whenever an element including HTMLOrForeignElement has its nonce attribute is set or changed, set this element's [[CryptographicNonce]] to the given value.

-

Whenever an element including HTMLOrSVGElement becomes browsing-context +

Whenever an element including HTMLOrForeignElement becomes browsing-context connected, the user agent must execute the following steps on the element:

    @@ -7174,7 +7174,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute creation and initialization.

    The cloning steps for elements that include - HTMLOrSVGElement must set the [[CryptographicNonce]] slot on the copy + HTMLOrForeignElement must set the [[CryptographicNonce]] slot on the copy to the value of the slot on the element being cloned.

    @@ -10216,7 +10216,7 @@ interface HTMLElement : Element { HTMLElement includes GlobalEventHandlers; HTMLElement includes DocumentAndElementEventHandlers; HTMLElement includes ElementContentEditable; -HTMLElement includes HTMLOrSVGElement; +HTMLElement includes HTMLOrForeignElement; [Exposed=Window] interface HTMLUnknownElement : HTMLElement { @@ -10267,12 +10267,12 @@ interface HTMLUnknownElement : HTMLElement { -

    Features shared between HTML and SVG elements use the HTMLOrSVGElement interface +

    Features shared between HTML, SVG and MathML elements use the HTMLOrForeignElement interface mixin:

    - 
    interface mixin HTMLOrSVGElement {
+  
    interface mixin HTMLOrForeignElement {
   [SameObject] readonly attribute DOMStringMap dataset;
-  attribute DOMString nonce; // intentionally no [CEReactions]
+  attribute DOMString nonce; // intentionally no [CEReactions]
 
   [CEReactions] attribute boolean autofocus;
   [CEReactions] attribute long tabIndex;
@@ -126042,3 +126042,4 @@ INSERT INTERFACES HERE
 
  
 
+

From 2726e9c26755c1a422ffefdd8cae1cfc587c1211 Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Fri, 31 Jan 2020 14:46:08 -0500
Subject: [PATCH 2/7] Remove trailing newline(s)

---
 source | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/source b/source
index 75ad4c12c26..4e8606967e5 100644
--- a/source
+++ b/source
@@ -4060,14 +4060,14 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     (MathML):
    
 
     
      
-     
    • MathML annotation-xml element
      • 
-     
    • MathML math element
      • 
-     
    • MathML merror element
      • 
-     
    • MathML mi element
      • 
-     
    • MathML mn element
      • 
-     
    • MathML mo element
      • 
-     
    • MathML ms element
      • 
-     
    • MathML mtext element
      • 
+     
    • MathML annotation-xml element
      • 
+     
    • MathML math element
      • 
+     
    • MathML merror element
      • 
+     
    • MathML mi element
      • 
+     
    • MathML mn element
      • 
+     
    • MathML mo element
      • 
+     
    • MathML ms element
      • 
+     
    • MathML mtext element
      • 
     
    
    
 
@@ -124592,7 +124592,7 @@ INSERT INTERFACES HERE
    
    (Non-normative) The 'mailto' URI scheme, M. Duerst, L. Masinter, J. Zawinski. IETF.
    
 
    
    [MATHML]
    
-   
    Mathematical Markup Language (MathML), D. Carlisle, P. Ion, R. Miner. W3C.
    
+   
    Mathematical Markup Language (MathML), D. Carlisle, P. Ion, R. Miner. W3C.
    
 
    
    [MEDIAFRAG]
    
    
    Media Fragments URI, R. Troncy, E. Mannens, S. Pfeiffer, D. Van Deursen. W3C.
    
@@ -126041,5 +126041,4 @@ INSERT INTERFACES HERE
   
 
  
-
-
+
\ No newline at end of file

From 66411d9bcdeb4890484ea6fa3a726f6c75b1bcf3 Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Fri, 31 Jan 2020 14:55:01 -0500
Subject: [PATCH 3/7] undo accidental changes, just remove newline

---
 source | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/source b/source
index 4e8606967e5..f31ffc0967b 100644
--- a/source
+++ b/source
@@ -4060,14 +4060,14 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
     (MathML):
    
 
     
      
-     
    • MathML annotation-xml element
      • 
-     
    • MathML math element
      • 
-     
    • MathML merror element
      • 
-     
    • MathML mi element
      • 
-     
    • MathML mn element
      • 
-     
    • MathML mo element
      • 
-     
    • MathML ms element
      • 
-     
    • MathML mtext element
      • 
+     
    • MathML annotation-xml element
      • 
+     
    • MathML math element
      • 
+     
    • MathML merror element
      • 
+     
    • MathML mi element
      • 
+     
    • MathML mn element
      • 
+     
    • MathML mo element
      • 
+     
    • MathML ms element
      • 
+     
    • MathML mtext element
      • 
     
    
    
 
@@ -124592,7 +124592,7 @@ INSERT INTERFACES HERE
    
    (Non-normative) The 'mailto' URI scheme, M. Duerst, L. Masinter, J. Zawinski. IETF.
    
 
    
    [MATHML]
    
-   
    Mathematical Markup Language (MathML), D. Carlisle, P. Ion, R. Miner. W3C.
    
+   
    Mathematical Markup Language (MathML), D. Carlisle, P. Ion, R. Miner. W3C.
    
 
    
    [MEDIAFRAG]
    
    
    Media Fragments URI, R. Troncy, E. Mannens, S. Pfeiffer, D. Van Deursen. W3C.
    

From 543940f78c2064761f410379b177a0c5363bc22e Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Fri, 31 Jan 2020 14:57:39 -0500
Subject: [PATCH 4/7] ...one new line

---
 source | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source b/source
index f31ffc0967b..0ed8d353f0d 100644
--- a/source
+++ b/source
@@ -126041,4 +126041,4 @@ INSERT INTERFACES HERE
   
 
  
-
\ No newline at end of file
+

From 1cf5d8f97269f778691100ac189efb446d5ed4f2 Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Fri, 31 Jan 2020 15:21:44 -0500
Subject: [PATCH 5/7] Revert "...one new line"

This reverts commit 543940f78c2064761f410379b177a0c5363bc22e.
---
 source | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source b/source
index 0ed8d353f0d..f31ffc0967b 100644
--- a/source
+++ b/source
@@ -126041,4 +126041,4 @@ INSERT INTERFACES HERE
   
 
  
-
+
\ No newline at end of file

From 7e22e82f34faa55d607d7e509a3bf5185a70cc90 Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Fri, 31 Jan 2020 16:03:31 -0500
Subject: [PATCH 6/7] Rename HTMLOrSVGElement to reflect its wider use in
 MathML as well

---
 source | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/source b/source
index d0ae6452289..0ed8d353f0d 100644
--- a/source
+++ b/source
@@ -7114,9 +7114,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   
    Elements that have a nonce content attribute ensure that the
   crytographic nonce is only exposed to script (and not to side-channels like CSS attribute
   selectors) by extracting the value from the content attribute, moving it into an internal slot
-  named [[CryptographicNonce]], and exposing it to script via the
-  HTMLOrSVGElement interface mixin. Unless otherwise specified, the slot's value
+  HTMLOrForeignElement interface mixin. Unless otherwise specified, the slot's value
   is the empty string.
    
 
   
    
@@ -7128,13 +7128,13 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   
    
 
   
    The nonce IDL
+  data-dfn-for="HTMLOrForeignElement">nonce IDL
   attribute must, on getting, return the value of this element's
   [[CryptographicNonce]]; and on setting, set this element's
   [[CryptographicNonce]] to the given value.
    
 
   
    Note how the setter for the nonce IDL attribute does not update the corresponding
+  data-x="dom-HTMLOrForeignElement-nonce">nonce IDL attribute does not update the corresponding
   content attribute. This, as well as the below setting of the nonce content attribute to the empty string when an element
   becomes browsing-context connected, is meant to prevent exfiltration of the nonce
@@ -7142,11 +7142,11 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   issue #2369, where this behavior was
   introduced.
    
 
-  
    Whenever an element including HTMLOrSVGElement has its Whenever an element including HTMLOrForeignElement has its nonce attribute is set or changed, set this element's
   [[CryptographicNonce]] to the given value.
    
 
-  
    Whenever an element including HTMLOrSVGElement becomes browsing-context
+  
    Whenever an element including HTMLOrForeignElement becomes browsing-context
   connected, the user agent must execute the following steps on the element:
    
 
   
      
@@ -7174,7 +7174,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
   creation and initialization.
      
 
   
      The cloning steps for elements that include
-  HTMLOrSVGElement must set the [[CryptographicNonce]] slot on the copy
+  HTMLOrForeignElement must set the [[CryptographicNonce]] slot on the copy
   to the value of the slot on the element being cloned.
      
 
 
@@ -10216,7 +10216,7 @@ interface HTMLElement : Element {
 HTMLElement includes GlobalEventHandlers;
 HTMLElement includes DocumentAndElementEventHandlers;
 HTMLElement includes ElementContentEditable;
-HTMLElement includes HTMLOrSVGElement;
+HTMLElement includes HTMLOrForeignElement;
 
 [Exposed=Window]
 interface HTMLUnknownElement : HTMLElement {
@@ -10267,12 +10267,12 @@ interface HTMLUnknownElement : HTMLElement {
 
   
 
-  
      Features shared between HTML and SVG elements use the HTMLOrSVGElement interface
+  
      Features shared between HTML, SVG and MathML elements use the HTMLOrForeignElement interface
   mixin: 
      
 
-  
      interface mixin HTMLOrSVGElement {
+  
      interface mixin HTMLOrForeignElement {
   [SameObject] readonly attribute DOMStringMap dataset;
-  attribute DOMString nonce; // intentionally no [CEReactions]
+  attribute DOMString nonce; // intentionally no [CEReactions]
 
   [CEReactions] attribute boolean autofocus;
   [CEReactions] attribute long tabIndex;

From cf5b53fb3c671f1cc125d162b0970a01dc142ea2 Mon Sep 17 00:00:00 2001
From: Brian Kardell <>
Date: Thu, 12 Mar 2020 15:15:07 -0400
Subject: [PATCH 7/7] update to match historical default tabindexes to match
 and specify linkable MathML elements... test updates to follow

---
 source | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source b/source
index f31ffc0967b..43518a41d05 100644
--- a/source
+++ b/source
@@ -4068,6 +4068,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      
    1. MathML mo element
      2. 
      
    2. MathML ms element
      3. 
      
    3. MathML mtext element
      4. 
+     
    4. MathML mrow element
      5. 
     
    
 
@@ -74617,7 +74618,7 @@ END:VCARD
      
   attribute. The default value is 0 if the element is an a, area,
   button, frame, iframe, input,
   object, select, textarea, or SVG
-  a element, or is a summary element that is a summary for
+  a element, or is a MathML hyperlinking element (mi, mo, mn, ms, mtext, or mrow), or is a summary element that is a summary for
   its parent details. The default value is −1 otherwise.
      
 
   
      The varying default value based on element type is a historical artifact.