<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://www.w3.org/Bugs/Public/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4"
          urlbase="https://www.w3.org/Bugs/Public/"
          
          maintainer="sysbot+bugzilla@w3.org"
>

    <bug>
          <bug_id>20973</bug_id>
          
          <creation_ts>2013-02-12 11:04:57 +0000</creation_ts>
          <short_desc>[Custom]: Restrict custom elements to NCName</short_desc>
          <delta_ts>2015-07-06 08:17:40 +0000</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebAppsWG</product>
          <component>HISTORICAL - Component Model</component>
          <version>unspecified</version>
          <rep_platform>PC</rep_platform>
          <op_sys>All</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>MOVED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>P2</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          <blocked>14968</blocked>
          <everconfirmed>1</everconfirmed>
          <reporter name="Anne">annevk</reporter>
          <assigned_to name="Dimitri Glazkov">dglazkov</assigned_to>
          <cc>deepak.sa</cc>
    
    <cc>dominicc</cc>
          
          <qa_contact>public-webapps-bugzilla</qa_contact>

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>82980</commentid>
    <comment_count>0</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2013-02-12 11:04:57 +0000</bug_when>
    <thetext>&quot;match the Name production&quot; Effectively HTML elements are restricted to NCName because XML, lets do the same for custom element names, even though allowing :-D and such is kinda fun.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>83021</commentid>
    <comment_count>1</comment_count>
    <who name="Dimitri Glazkov">dglazkov</who>
    <bug_when>2013-02-12 19:17:24 +0000</bug_when>
    <thetext>https://dvcs.w3.org/hg/webcomponents/rev/248ae0e2880f</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114948</commentid>
    <comment_count>2</comment_count>
    <who name="Dimitri Glazkov">dglazkov</who>
    <bug_when>2014-11-14 20:43:39 +0000</bug_when>
    <thetext>Anne, it sounds like the NCName and Name productions are only loosely compatible. This leads to all kinds of weird contortions in https://code.google.com/p/chromium/issues/detail?id=325673.

The spirit of the spec is captured by Dominic in https://code.google.com/p/chromium/issues/detail?id=325673#c3, but I think we&apos;re failing to do that by switching to NCName.

Do you have any suggestions?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114966</commentid>
    <comment_count>3</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-15 11:59:05 +0000</bug_when>
    <thetext>This is a difference between authoring conformance and what is actually allowed per createElement, and the HTML parser et al.

There&apos;s no silver bullet here as I explained in another thread, unless we actually want to change createElement() and createElementNS() in implementations.

(I&apos;m not sure what Document:isValidName() is. But if it&apos;s what createElement() requires, that is not matched by the HTML parser already...)</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114974</commentid>
    <comment_count>4</comment_count>
    <who name="Dimitri Glazkov">dglazkov</who>
    <bug_when>2014-11-16 05:11:17 +0000</bug_when>
    <thetext>(In reply to Anne from comment #3)
&gt; This is a difference between authoring conformance and what is actually
&gt; allowed per createElement, and the HTML parser et al.
&gt; 
&gt; There&apos;s no silver bullet here as I explained in another thread, unless we
&gt; actually want to change createElement() and createElementNS() in
&gt; implementations.
&gt; 
&gt; (I&apos;m not sure what Document:isValidName() is. But if it&apos;s what
&gt; createElement() requires, that is not matched by the HTML parser already...)

Yup. Document::isValidName is the check from https://dom.spec.whatwg.org/#dom-document-createelement et al.

I think I am starting to understand this. The http://w3c.github.io/webcomponents/spec/custom/#dfn-custom-element-type check in http://w3c.github.io/webcomponents/spec/custom/#dfn-definition-construction-algorithm is not a subset of the check in https://dom.spec.whatwg.org/#dom-document-createelement. And that is okay, because XML. IOW, you can indeed register an element with a name that createElement will not be able to digest. And that is okay. Right?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114975</commentid>
    <comment_count>5</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-16 08:46:48 +0000</bug_when>
    <thetext>Yeah, it would just be non-conforming to do so. Aligning the various name creation algorithms seems like a huge hassle at this point, though if any implementer is interested in the churn I&apos;d be open to it.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114977</commentid>
    <comment_count>6</comment_count>
    <who name="Dimitri Glazkov">dglazkov</who>
    <bug_when>2014-11-16 16:30:11 +0000</bug_when>
    <thetext>(In reply to Anne from comment #5)
&gt; Yeah, it would just be non-conforming to do so. Aligning the various name
&gt; creation algorithms seems like a huge hassle at this point, though if any
&gt; implementer is interested in the churn I&apos;d be open to it.

Deepak seems to be digging into that. Deepak, are you interested in this problem as a whole or just as a first-blink-bug type of thing?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114981</commentid>
    <comment_count>7</comment_count>
    <who name="Deepak Singla">deepak.sa</who>
    <bug_when>2014-11-17 04:33:07 +0000</bug_when>
    <thetext>(In reply to Dimitri Glazkov from comment #6)
&gt; (In reply to Anne from comment #5)
&gt; &gt; Yeah, it would just be non-conforming to do so. Aligning the various name
&gt; &gt; creation algorithms seems like a huge hassle at this point, though if any
&gt; &gt; implementer is interested in the churn I&apos;d be open to it.
&gt; 
&gt; Deepak seems to be digging into that. Deepak, are you interested in this
&gt; problem as a whole or just as a first-blink-bug type of thing?

Yeah, I would be like to see this issue through.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114982</commentid>
    <comment_count>8</comment_count>
    <who name="Deepak Singla">deepak.sa</who>
    <bug_when>2014-11-17 05:10:28 +0000</bug_when>
    <thetext>How should we proceed with this? Are we going to align all the name creation algorithms? Or just improve in Custom Element&apos;s name creation?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>114986</commentid>
    <comment_count>9</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-17 08:08:39 +0000</bug_when>
    <thetext>See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27228#c3 for a way forward. Investigating whether we can make the HTML parser and createElement()/createAttribute() consistent seems like a good first step.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115197</commentid>
    <comment_count>10</comment_count>
    <who name="Deepak Singla">deepak.sa</who>
    <bug_when>2014-11-20 10:09:16 +0000</bug_when>
    <thetext>HTML parser works according to the states. It allows/disallows characters on the basis of the states(Tag name state, End tag open state etc.). It does not take into consideration of validity of that name, and IMHO it should not. HTML parser only coverts them into tokens. Validity has to be checked later. So the HTML parser name validation should not be changed.

So the options remains to change the createElement()&apos;s name production.
Latest edition of createElement()&apos;s (http://www.w3.org/TR/dom/#dom-document-createelement) name production points to 5th edition XML 1.0 (http://www.w3.org/TR/xml/#NT-Name ). 

Related to Custom Element: Latest editor&apos;s draft of custom element name (http://w3c.github.io/webcomponents/spec/custom/#dfn-custom-element) points to 4th edition NCName : http://www.w3.org/TR/1999/REC-xml-names-19990114/#NT-NCName 
Shouldn&apos;t we change it to 5th edition NCName: http://www.w3.org/TR/xml-names/#NT-NCName ?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115204</commentid>
    <comment_count>11</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-20 11:17:59 +0000</bug_when>
    <thetext>Deepak, XML does not define validity for HTML. E.g. &quot;test&quot; is invalid for HTML, yet is allowed by createElement(), createElementNS(), and the HTML parser.

&quot;test:test&quot; is non-well-formed in XML (when namespaces are enabled, as they are), invalid in HTML, yet is allowed by the HTML parser, createElement(), but not createElementNS().

Comment 0 is mostly about restricting the validity to names that can be used by both HTML and XML, but does not put actual constraints in place for the HTML parser, createElement(), and createElementNS().</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115215</commentid>
    <comment_count>12</comment_count>
    <who name="Deepak Singla">deepak.sa</who>
    <bug_when>2014-11-20 12:16:28 +0000</bug_when>
    <thetext>(In reply to Anne from comment #11)

&gt; Comment 0 is mostly about restricting the validity to names that can be used
&gt; by both HTML and XML, but does not put actual constraints in place for the
&gt; HTML parser, createElement(), and createElementNS().

So, we have to define a new rule set which only allows predefined tags/attributes of html?</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115217</commentid>
    <comment_count>13</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-20 12:46:35 +0000</bug_when>
    <thetext>The only somewhat logical thing to do here would be investigating whether we can let createElement()/createElementNS() create the same set of elements that the HTML parser can create.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115376</commentid>
    <comment_count>14</comment_count>
    <who name="Deepak Singla">deepak.sa</who>
    <bug_when>2014-11-24 11:10:17 +0000</bug_when>
    <thetext>In here https://www.w3.org/Bugs/Public/show_bug.cgi?id=24271#c6 you said to experiment with the browser. Can you explain a bit more on that?
As I am relatively inexperienced, can you provide me pointers on how should I investigate about createElement and HTML parser? I have tried characters which gives error in createElement() but passes in HTML parser. But that doesn&apos;t provide any useful information that how allowing a particular character breaks the web.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>115398</commentid>
    <comment_count>15</comment_count>
    <who name="Anne">annevk</who>
    <bug_when>2014-11-24 17:00:25 +0000</bug_when>
    <thetext>(In reply to Deepak Singla from comment #14)
&gt; In here https://www.w3.org/Bugs/Public/show_bug.cgi?id=24271#c6 you said to
&gt; experiment with the browser. Can you explain a bit more on that?

You would patch the browser to a loser check for createElement() and see if that breaks pages. Before doing that you likely have to investigate how many pages make createElement() calls with the code points you plan on allowing in addition to those that are already allowed to find out if anyone depends on the exception thrown. Most browsers have some kind of instrumentation available for this.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>121756</commentid>
    <comment_count>16</comment_count>
    <who name="Hayato Ito">hayato</who>
    <bug_when>2015-07-06 08:17:40 +0000</bug_when>
    <thetext>Moved to https://github.com/w3c/webcomponents/issues/177</thetext>
  </long_desc>
      
      

    </bug>

</bugzilla>