Contact emails
[email protected], [email protected]

Explainer
https://github.com/WICG/declarative-partial-updates/blob/main/dynamic-markup-revamped-explainer.md


Specification
https://github.com/WICG/declarative-partial-updates/blob/main/dynamic-markup-revamped-explainer.md#resulting-api


Summary
Expose multiple HTML setting methods that provide a coherent story for 
dynamically inserting markup into an existing document. - Positional methods 
(before/after/append/prepend/replaceWith) that take HTML as argument, 
effectively replacing insertAdjacentHTML. - Streaming methods 
(stream{Append}HTML{Unsafe}) which return a WritableStream - Passing 
{runScripts} as part of SetHTMLUnsafeOptions, mimicking 
createContextualFragment behavior. - Supporting createParserOptions in trusted 
types, allowing trusted types to override scripting mode and sanitizer.


Blink component
Blink>HTML>Parser


Web Feature ID
Missing feature


Motivation
Updating HTML dynamically from script has multiple disjointed API, each with 
its own subtle differences. Developers can partially update an element using 
insertAdjacentHTML, use sanitizer with setHTML, execute scripts with 
createContextualFragment, stream with detached documents. This can be confusing 
and frustrating to web developers, as well as create bugs or security issues if 
the differences are not well understood. This change replaces those with a 
coherent set of methods and arguments, that use the same settings 
(sanitizer/runScripts) with different variants (where to insert the HTML, 
stream/one-shot, safe/unsafe) as well as the same support in trusted types.


Initial public proposal
https://github.com/whatwg/html/issues/11669


TAG review
No information provided


TAG review status
Issues addressed


Goals for experimentation
None


Risks




Interoperability and Compatibility
See "anticipated spec changes". Because this is not fully standardized yet, 
there is some risk that some of the API will change between shipping and 
landing the standards change. Note that the proposed API was up for scrutiny 
for almost a year and hasn't gone through substantial changes.

Gecko: No signal (https://github.com/mozilla/standards-positions/issues/1370) 
(It's in "suggests positive" state)

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/629) 
Note: WebKit folks have been active in the feature's design, despite not filing 
an official positive position yet.

Web developers: Positive (https://github.com/whatwg/html/issues/2142) See also 
https://github.com/whatwg/html/issues/10122

Other signals:


Security
Since this is about dynamic markup insertion, XSS needs to be carefully 
handled, and specifically integration with the sanitizer and trusted types. 
This has been a major design consideration.


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it 
has potentially high risk for Android WebView-based applications?
No information provided



Debuggability
No information provided


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, 
ChromeOS, Android, and Android WebView)?
Yes


Is this feature fully tested by web-platform-tests?
Yes
https://wpt.fyi/results/domparsing/tentative?label=master&label=experimental&aligned


Flag name on about://flags
No information provided


Finch feature name
NewHTMLSettingMethods


Rollout plan
Will ship enabled for all users


Requires code in //chrome?
False


Tracking bug
https://issues.chromium.org/issues/491743369


Adoption plan
A fully functional polyfill is already available at 
https://github.com/GoogleChromeLabs/html-setters-polyfill


Estimated milestones


Shipping on desktop 152

DevTrial on desktop 148

Shipping on Android 152

DevTrial on Android 148

Shipping on WebView 152




Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop 
issues. Please list open issues (eg links to known github issues in the project 
for the feature specification) whose resolution may introduce web 
compat/interop risk (eg, changing to naming or structure of the API in a 
non-backward-compatible way).
Nothing, I hope, but this is in the process of being upstreamed. So it's 
possible that some changes will be made after shipping. The comments on this is 
in recent weeks were quite on the cosmetic side, around the trusted-types 
integration.


Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5054329641893888?gate=5996320374521856


This intent message was generated by Chrome Platform Status.

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6a58fb78.ad00fef9.6eea1.0188.GAE%40google.com.

Reply via email to