惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Microsoft Azure Blog
Microsoft Azure Blog
The GitHub Blog
The GitHub Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Recorded Future
Recorded Future
Y
Y Combinator Blog
Cloudbric
Cloudbric
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
TaoSecurity Blog
TaoSecurity Blog
Security Latest
Security Latest
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
DataBreaches.Net
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
C
Cisco Blogs
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
V
Vulnerabilities – Threatpost
L
LINUX DO - 最新话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
A
About on SuperTechFans
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Jina AI
Jina AI
C
CXSECURITY Database RSS Feed - CXSecurity.com
Schneier on Security
Schneier on Security
T
Tenable Blog
N
News and Events Feed by Topic
W
WeLiveSecurity
有赞技术团队
有赞技术团队
AI
AI
爱范儿
爱范儿
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
T
The Blog of Author Tim Ferriss
S
Security Affairs
Know Your Adversary
Know Your Adversary
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
Google DeepMind News
Google DeepMind News
The Cloudflare Blog

Recent Commits to html:main

Mark <base> as Unsafe for sanitization · whatwg/html@c38efee Serialize processing instructions with "?>" at the end Editorial: merge the text track concept into TextTrack Editorial: modernize TextTrack members Remove categories of select/optgroup/option element inner content ele… Editorial: reword 3 grammatically ambiguous sentences · whatwg/html@e481423 Editorial: modernize various dimension getters Editorial: modernize srcObject getter & setter · whatwg/html@e5749bd Fix URL comparison when processing internal resource links · whatwg/html@d86584e Editorial: update PropertyDescriptor [[Get]]/[[Set]] to [[Getter]]/[[… · whatwg/html@6441ae6 Meta: remove Twitter link · whatwg/html@5a226a2 Fix backwards test of element's dirty value flag · whatwg/html@4adc122 Support processing instructions in HTML · whatwg/html@320c05f Expose redirectCount for TAO opted-in navigation redirect chains · whatwg/html@b94ff88 Define option and optgroup rendering better · whatwg/html@ab99fc3 Meta: improve PR Preview, part 2 · whatwg/html@8d80ce1 Meta: export Sanitizer/configure · whatwg/html@acc064b Meta: improve PR Preview · whatwg/html@3057476 Clarify step 4.3 of adoption agency algorithm · whatwg/html@9f50934 Editorial: spell roundtrip without hyphen · whatwg/html@c560a56 Meta: remove bogus files · whatwg/html@126aea6
Refactor fragment parsing algorithm to match implementations · whatwg/html@4c4c813
whatwg · 2026-07-09 · via Recent Commits to html:main

Skip to content

Navigation Menu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Commit 4c4c813

noamrannevk

and

authored

Refactor fragment parsing algorithm to match implementations

This makes a few key changes to the fragment parsing workflow, to better match existing implementations and tests. - Instead of inserting elements to a fake root element of a connected inert document and then appending them to a `DocumentFragment`, we let the parser insert the root's children straight into that `DocumentFragment`. This introduces an "root insertion target", which is a `DocumentFragment` to insert into if the parser wants to insert nodes into the root. - In addition to keeping "allow declarative shadow roots" directly on the document, it becomes a parser flag. This removes some confusion that makes some subtle cases use the wrong setting. It is still kept on the document so that it sticks for the "document opening steps" (`document.open()` of a document created elsewhere). - The custom element registry is taken from the target of the fragment parse rather than from the context document. Together with the other changes, this essential for picking the correct registry, e.g., when calling `shadowRoot.innerHTML`. Note that this changes the specified behavior of `template.innerHTML` to have a null registry - this aligns with current implementations and can be changed in a follow-up together with implementation/test changes. - The fragment parsing algorithms take in the target of the parse and infer the context element from that (i.e., it's either the target itself, or its fragment host if it's a `DocumentFragment`). - The "adjusted insertion location" algorithm is separate from the "appropriate place from inserting a node", as the parser internals make some decisions based on the "intended parent" which should remain unchanged by this PR. - The adjusted insertion location" is also an enabler that can be used later on for HTML streaming and sanitize-while-parsing, as it can be the context element instead of the intermediate fragment. - The intermediate inert document is still around. It is needed to avoid creation-time side effects like image loading and custom element constructors from occurring before sanitization. The above changes are a lot closer to how Chromium implements fragment parsing (and given the passing tests, likely WebKit and Gecko as well). Existing tests are aligned with implementations already. Additional tests: web-platform-tests/wpt#61042. Closes #11023 and closes #12661. Co-authored-by: Anne van Kesteren <annevk@annevk.nl>

1 file changed

Lines changed: 164 additions & 135 deletions

File tree