-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make the HTML parser put audio/video/source/iframe/canvas-in-svg into the HTML namespace #919
Comments
@tabatkins will you try to make a patch or is this for us to figure out? Also, is there a public discussion somewhere where the SVG community says they want to change the HTML parser to this effect? |
I'm willing to write a patch if you want.
I'm not sure what you mean. The SVGWG is only marginally concerned with embedded SVG - the parser for that is HTML's responsibility. (That said, there has been discussion about defining a way to do standalone SVG by just jumping straight into HTML's foreign-content parser. But that's a different issue.) |
I'm curious whether this is your idea, or whether this is something that multiple implementers and developers want. |
The first part (making some HTML elements work in SVG) is an SVGWG-approved thing, with implementor approval. Altering embedded-SVG parsing hasn't been explicitly discussed much, but it's an obvious outgrowth, given that it's impossible to do html-namespace elements in embedded SVG currently. (In particular, wanting |
I guess we should also do this for all custom elements? |
Are custom elements automatically in the HTML namespace when you register them? If so, then definitely yes. (Same with |
Yep |
For cross-reference, the issue on the SVG WG spec tracking this: w3c/svgwg#240 I would definitely agree with @tabatkins that SVG's adoption of iframe, canvas, video, and audio is of limited use without HTML parser recognition. I would be more cautious about picture (which SVG doesn't yet recognize) and custom elements (since SVG would like to eventually be able to define our own custom elements, which can be created as extensions of SVGElement, not HTMLElement). |
For reference, we've discussed the possibilities for better integrating HTML and SVG many times in the past including a few members of the SVG WG meeting up with Hixie over lunch a few years back to discuss this (notes). I I think this has had pretty significant discussion and the proposal here is fairly conservative but still very useful. (Not sure about An external contributor is interested in implementing this in Gecko so I'd like to resolve this issue. |
@birtles changing the HTML parser will require support from at least two implenters (ideally all), tests, and a PR for the HTML Standard. Implementing before those are in place would be premature. |
I'm pretty sure tests would be included in the PR Tab is offering to write 😉 @hsivonen, @rniwa, @zcorpan, @pmeenan, @sideshowbarker, @jacobrossi any concerns about making the HTML parser put a limited whitelist of HTML elements (iframe/video/audio/canvas) in an SVG subtree in the HTML namespace? (None of the elements in the list trigger HTML's "escape foreign content mode" behavior.) |
I think this would change the behavior of tags that do escape foreign lands inside these elements. The spec says for such tags:
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inforeign So in |
@zcorpan This does mean that some elements which currently auto-close an |
By the way, if you're going ahead with adding a whitelist, it might be nice to also include the HTML metadata elements mentioned in https://svgwg.org/svg2-draft/struct.html#HTMLMetadataElements, specifically These elements were mainly added to the content model so that they can be used in
|
I think iframe is no easier or more difficult than any of the others: it can also have fallback content. As far as I understand the spec, although the "allowed content model" is only text in HTML and nothing in XML, the HTML parser still parses it as a full fragment:
I'd rather get all the necessary changes into the parser spec at once. But if others think it would be easy to make an exception for empty iframe, that would still be something. |
If you want to make a change I suggest you do it all at once and come with a complete plan for the changes, tests, and implementer commitments. Making piecemeal changes to the HTML parser is not desirable. |
I think we shouldn't do this. HTML parsing is security-sensitive. HTML producers need to be able to rely on how a given piece of HTML parses in order to be able to implement XSS-safe HTML generation. From this perspective, there's a lot of value in multiple browser engines having converged on a single parsing algorithm. We shouldn't change the algorithm just to add convenience for SVG or to make new HTML features seem more logical (introduce the same tag omission features as for analogous old elements, etc.). Even if all browsers were on a six-week release cycle, server-side libraries don't have auto-updaters even if the upstream repos of the server-side libraries were on a six-week cycle. Introducing differences between the server-side understanding of HTML works differs from the browser-side understanding poses enough security risk that we should avoid it. |
This argument means that we can never do anything with SVG-in-HTML, tho. No custom elements, no template, it's all ruled out due to the bizarro parsing that SVG-in-HTML had to invent. This renders the entire feature a second-class citizen in HTML. This might be what we need to do! I'm willing to trust your judgement here, even if I disagree with the results. But it suggests that we have a fairly serious problem, in that there's a whole, useful feature, which could benefit quite a bit from integrating with other parts of HTML/DOM, but is prevented from doing so for legacy reasons. Perhaps, then, we should look into a fix for this. As an example: add a new This does mean we'd lose the self-closing thing that SVG-in-HTML can currently do, but eh. Worth it if that's the sacrifice necessary to keep vector graphics usable in HTML. |
The SVG2 spec defines that the HTML audio/video/iframe/canvas elements should work in SVG. That's a little bit inconvenient in SVG's XML serialization, as you have to include another namespace, but it's actually impossible currently in embedded SVG, as you don't use namespaces manually at all.
The parser, when it switches into parsing SVG, should have a list of elements that are put into the HTML namespace automatically. At minimum, this should be audio/video/iframe/canvas, + picture. Child elements should also automatically be in the HTML namespace (unless you hit an subtree, obviously).
The text was updated successfully, but these errors were encountered: