Re: [whatwg/dom] Request for mechanism to determine if children changed steps are called as a result of script or parser (Issue #1288) from Dominic Farolino on 2024-06-14 (public-webapps-github@w3.org from June 2024)

From: Dominic Farolino <notifications@github.com>
Date: Fri, 14 Jun 2024 07:26:50 -0700
To: whatwg/dom <dom@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/dom/issues/1288/2168164096@github.com>

I am interested in two things here.

1. The integrity of the "is changed by API" bit that Chromium maintains. Are we positive that it is accurate in the ways we expect it to be here? I did just a little bit of digging and I found that unconditionally in the [ContainerNode::RemoveChildren() path, the ChildrendChangedSource is always `kAPI`](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/dom/container_node.cc;l=931;drc=90cac1911508d3d682a67c97aa62483eb712f69a). But this is a very broad method that covers a ton of cases, and I'm wondering if it sometimes covers parser-only cases that get treated as `kAPI` cases incorrectly. For example, I found that when an HTMLInputElement gets its `type` updated, possibly as a result of a parser(I think), we go through this flow: [HTMLInputElement::ParseAttribute](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/html/forms/html_input_element.cc;l=859;drc=90cac1911508d3d682a67c97aa62483eb712f69a) --> [HTMLInputElement::UpdateType](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/html/forms/html_input_element.cc;l=579;drc=90cac1911508d3d682a67c97aa62483eb712f69a) --> [HTMLInputElement::SetInnerEditorValue()](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/html/forms/html_input_element.cc;l=1264;drc=90cac1911508d3d682a67c97aa62483eb712f69a) --> [ReplaceChildrenWithText --> ContainerNode::RemoveChildren](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/editing/serializers/serialization.cc;l=850;drc=90cac1911508d3d682a67c97aa62483eb712f69a). This kind of seems like innocent parser changes can trigger the children changed flow with the `kAPI` flag set incorrectly. I'll be honest I haven't spent too much time debugging this case to know whether my speculation is right or not, but specifically I'm interested in understanding if all browsers (that implement this extra non-specified bit) match _in all scenarios_.
2. The point made by @annevk in https://github.com/w3c/trusted-types/pull/499#discussion_r1570866195 about whether we derive this bit of information based on **(a)** "invalidation" (I am actually not sure what this means. Is there a common dfn somewhere), or **(b)** comparing pre-insert and post-insert children contents to detect mid-parsing API intervention [^1].

[^1]: One point I am not clear on is: is it possible for a node's children to be changed during parser as a result of a non-API action? Like, can the parser itself be responsible for under any scenario?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/1288#issuecomment-2168164096
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/dom/issues/1288/2168164096@github.com>

Received on Friday, 14 June 2024 14:26:54 UTC