html icon indicating copy to clipboard operation
html copied to clipboard
verified publisher icon whatwg

Move the allow declarative shadow roots flag to the parser

Open foolip opened this issue 4 weeks ago • 8 comments

  • [ ] At least two implementers are interested (and none opposed):
  • [ ] Tests are written and can be reviewed and commented upon at:
  • [ ] Implementation bugs are filed:
    • Chromium: …
    • Gecko: …
    • WebKit: …
    • Deno (only for timers, structured clone, base64 utils, channel messaging, module resolution, web workers, and web storage): …
    • Node.js (only for timers, structured clone, base64 utils, channel messaging, and module resolution): …
  • [ ] Corresponding HTML AAM & ARIA in HTML issues & PRs:
  • [ ] MDN issue is filed: …
  • [ ] The top of this comment includes a clear commit message to use.

(See WHATWG Working Mode: Changes for more details.)

/document-lifecycle.html ( diff ) /document-sequences.html ( diff ) /dynamic-markup-insertion.html ( diff ) /infrastructure.html ( diff ) /parsing.html ( diff )

foolip avatar Nov 27 '25 11:11 foolip

This doesn't work yet, but uploading just to confirm the desired behavior.

From my reading of Blink, this flag is disabled for innerHTML, outerHTML, insertAdjacentHTML(), and createContextualFragment() unless trusted types is used, and otherwise enabled.

@noamr please correct me if I'm wrong.

@annevk does that match WebKit as well?

foolip avatar Nov 27 '25 11:11 foolip

As an editorial matter, I think I'd like the "Each HTML parser has a something flag" style, but I didn't make that change yet.

foolip avatar Nov 27 '25 11:11 foolip

It being conditional on Trusted Types in any way seems like a bug. cc @lukewarlow

annevk avatar Nov 27 '25 12:11 annevk

Yeah it shouldn't change based on TT and reading the blink code I don't think it does.

Range::createContextualFragment does the trusted types dance then later on calls into blink::createContextualFragment which has ParseDeclarativeShadowRoots::kDontParse.

lukewarlow avatar Nov 27 '25 12:11 lukewarlow

If it doesn't depend on TT it's even simpler, basically the "legacy" HTML setting methods don't get declarative shadow roots and in every other context they're enabled. Tests are needed to confirm the TT behavior though.

foolip avatar Nov 27 '25 12:11 foolip

From my reading of Blink, this flag is disabled for innerHTML, outerHTML, insertAdjacentHTML(), and createContextualFragment()

Fwiw it's also disabled for execCommand("insertHTML", html) but that's... Well that's execCommand...

lukewarlow avatar Nov 27 '25 12:11 lukewarlow

basically the "legacy" HTML setting methods

Being pedantic but just to be clear, iframe.srcdoc does support declarative shadow roots, but admittedly that's a rather odd case. I think your point is correct though, the legacy methods/setters don't support it, and the newer ones and all going forwards probably will.

lukewarlow avatar Nov 27 '25 12:11 lukewarlow

Also editorial: we don't want "flags" for new things, just associated fields that are booleans.

annevk avatar Nov 27 '25 13:11 annevk