A string is a valid non-empty URL if it is a valid URL string but it is not the empty string.

A string is a valid URL potentially surrounded by spaces if, after stripping leading and trailing ASCII whitespace from it, it is a valid URL string.

A string is a valid non-empty URL potentially surrounded by spaces if, after stripping leading and trailing ASCII whitespace from it, it is a valid non-empty URL.

A URL matches about:blank if its scheme is "about", its path contains a single string "blank", its username and password are the empty string, and its host is null.

A URL matches about:srcdoc if its scheme is "about", its path contains a single string "srcdoc", its query is null, its username and password are the empty string, and its host is null.

To parse a URL, given a string url, relative to a Document object or environment settings object environment, run these steps. They return failure or a URL.

1. Let baseURL be environment's base URL, if environment is a Document object; otherwise environment's API base URL.

2. Return the result of applying the URL parser to url, with baseURL.

To encoding-parse a URL, given a string url, relative to a Document object or environment settings object environment, run these steps. They return failure or a URL.

1. Let encoding be UTF-8.

2. If environment is a Document object, then set encoding to environment's character encoding.

3. Otherwise, if environment's relevant global object is a Window object, set encoding to environment's relevant global object's associated Document's character encoding.

4. Let baseURL be environment's base URL, if environment is a Document object; otherwise environment's API base URL.

5. Return the result of applying the URL parser to url, with baseURL and encoding.

To encoding-parse-and-serialize a URL, given a string url, relative to a Document object or environment settings object environment, run these steps. They return failure or a string.

1. Let url be the result of encoding-parsing a URL given url, relative to environment.

2. If url is failure, then return failure.

3. Return the result of applying the URL serializer to url.

The document base URL of a Document document is the URL record obtained by running these steps:

1. If document has no descendant base element that has an href attribute, then return document's fallback base URL.

2. Otherwise, return the frozen base URL of the first base element in document that has an href attribute, in tree order.

The fallback base URL of a Document object document is the URL record obtained by running these steps:

1. If document is an iframe srcdoc document:

   1. Assert: document's about base URL is non-null.

   2. Return document's about base URL.

2. If document's URL matches about:blank and document's about base URL is non-null, then return document's about base URL.

3. Return document's URL.

To set the URL for a Document document to a URL record url:

1. Set document's URL to url.

2. Respond to base URL changes given document.

To respond to base URL changes for a Document document:

1. The user agent should update any user interface elements which are displaying affected URLs, or data derived from such URLs, to the user. Examples of such user interface elements would be a status bar that displays a hyperlink's url, or some user interface which displays the URL specified by a q, blockquote, ins, or del element's cite attribute.

2. Ensure that the CSS :link/:visited/etc. pseudo-classes are updated appropriately.

3. For each descendant of document's shadow-including descendants:

   1. If descendant is a script element whose result is a speculation rules parse result, then:

      1. Let oldResult be element's result.

      2. Let newResult be the result of creating a speculation rules parse result given element's child text content and element's node document.

      3. Update speculation rules given element's relevant global object, oldResult, and newResult.

4. Consider speculative loads given document.

A response whose type is "basic", "cors", or "default" is CORS-same-origin. [FETCH]

A response whose type is "opaque" or "opaqueredirect" is CORS-cross-origin.

A response's unsafe response is its internal response if it has one, and the response itself otherwise.

To create a potential-CORS request, given a url, destination, corsAttributeState, and an optional same-origin fallback flag, run these steps:

1. Let mode be "no-cors" if corsAttributeState is No CORS, and "cors" otherwise.

2. If same-origin fallback flag is set and mode is "no-cors", set mode to "same-origin".

3. Let credentialsMode be "include".

4. If corsAttributeState is Anonymous, set credentialsMode to "same-origin".

5. Return a new request whose URL is url, destination is destination, mode is mode, credentials mode is credentialsMode, and whose use-URL-credentials flag is set.

The algorithm for extracting a character encoding from a meta element, given a string s, is as follows. It returns either a character encoding or nothing.

1. Let position be a pointer into s, initially pointing at the start of the string.

2. Loop: Find the first seven characters in s after position that are an ASCII case-insensitive match for the word "charset". If no such match is found, return nothing.

3. Skip any ASCII whitespace that immediately follow the word "charset" (there might not be any).

4. If the next character is not a U+003D EQUALS SIGN (=), then move position to point just before that next character, and jump back to the step labeled loop.

5. Skip any ASCII whitespace that immediately follow the equals sign (there might not be any).

6. Process the next character as follows:

   If it is a U+0022 QUOTATION MARK character (") and there is a later U+0022 QUOTATION MARK character (") in s

   If it is a U+0027 APOSTROPHE character (') and there is a later U+0027 APOSTROPHE character (') in s

   Return the result of getting an encoding from the substring that is between this character and the next earliest occurrence of this character.

   If it is an unmatched U+0022 QUOTATION MARK character (")

   If it is an unmatched U+0027 APOSTROPHE character (')

   If there is no next character

   Return nothing.

   Otherwise

   Return the result of getting an encoding from the substring that consists of this character up to but not including the first ASCII whitespace or U+003B SEMICOLON character (;), or the end of s, whichever comes first.

The attribute's missing value default is the No CORS state, and its invalid value default and empty value default are both the Anonymous state.

For more modern features, where the request's mode is always "cors", certain CORS settings attributes have been repurposed to have a slightly different meaning, wherein they only impact the request's credentials mode. To perform this translation, we define the CORS settings attribute credentials mode for a given CORS settings attribute to be determined by switching on the attribute's state:

No CORS

Anonymous

"same-origin"

Use Credentials

"include"

The attribute's missing value default and invalid value default are both the empty string state.

The nonce IDL attribute must, on getting, return the value of this element's [[CryptographicNonce]]; and on setting, set this element's [[CryptographicNonce]] to the given value.

The following attribute change steps are used for the nonce content attribute:

1. If element does not include HTMLOrSVGOrMathMLElement, then return.

2. If localName is not nonce or namespace is not null, then return.

3. If value is null, then set element's [[CryptographicNonce]] to the empty string.

4. Otherwise, set element's [[CryptographicNonce]] to value.

Whenever an element including HTMLOrSVGOrMathMLElement becomes browsing-context connected, the user agent must execute the following steps on the element:

1. Let CSP list be element's shadow-including root's policy container's CSP list.

2. If CSP list contains a header-delivered Content Security Policy, and element has a nonce content attribute whose value is not the empty string, then:

   1. Let nonce be element's [[CryptographicNonce]].

   2. Set an attribute value for element using "nonce" and the empty string.

   3. Set element's [[CryptographicNonce]] to nonce.

   If element's [[CryptographicNonce]] were not restored it would be the empty string at this point.

The cloning steps for elements that include HTMLOrSVGOrMathMLElement given node, copy, and subtree are to set copy's [[CryptographicNonce]] to node's [[CryptographicNonce]].

The attribute's missing value default and invalid value default are both the Eager state.

The will lazy load element steps, given an element element, are as follows:

1. If scripting is disabled for element, then return false.

   This is an anti-tracking measure, because if a user agent supported lazy loading when scripting is disabled, it would still be possible for a site to track a user's approximate scroll position throughout a session, by strategically placing images in a page's markup such that a server can track how many images are requested and when.

2. If element's lazy loading attribute is in the Lazy state, then return true.

3. Return false.

To start intersection-observing a lazy loading element element, run these steps:

1. Let doc be element's node document.

2. If doc's lazy load intersection observer is null, set it to a new IntersectionObserver instance, initialized as follows:

   The intention is to use the original value of the IntersectionObserver constructor. However, we're forced to use the JavaScript-exposed constructor in this specification, until Intersection Observer exposes low-level hooks for use in specifications. See bug w3c/IntersectionObserver#464 which tracks this. [INTERSECTIONOBSERVER]

   • The callback is these steps, with arguments entries and observer:

     1. For each entry in entries using a method of iteration which does not trigger developer-modifiable array accessors or iteration hooks:

        1. Let resumptionSteps be null.

        2. If entry.isIntersecting is true, then set resumptionSteps to entry.target's lazy load resumption steps.

        3. Let posterResumptionSteps be null.

           If entry.isIntersecting is true and entry.target is a video element, then set posterResumptionSteps to the video element's poster lazy load resumption steps.

        4. If resumptionSteps is null and posterResumptionSteps is null, then return.

        5. Stop intersection-observing a lazy loading element for entry.target.

        6. If resumptionSteps is not null, then:

           1. Set entry.target's lazy load resumption steps to null.

           2. Invoke resumptionSteps.

        7. If posterResumptionSteps is not null, then:

           1. Set the video element's poster lazy load resumption steps to null.

           2. Invoke posterResumptionSteps.

        The intention is to use the original value of the isIntersecting and target getters. See w3c/IntersectionObserver#464. [INTERSECTIONOBSERVER]

   • The options is an IntersectionObserverInit dictionary with the following dictionary members: «[ "scrollMargin" → lazy load scroll margin ]»

     This allows for fetching the image during scrolling, when it does not yet — but is about to — intersect the viewport.

     The lazy load scroll margin suggestions imply dynamic changes to the value, but the IntersectionObserver API does not support changing the scroll margin. See issue w3c/IntersectionObserver#428.

3. Call doc's lazy load intersection observer's observe method with element as the argument.

   The intention is to use the original value of the observe method. See w3c/IntersectionObserver#464. [INTERSECTIONOBSERVER]

To stop intersection-observing a lazy loading element element, run these steps:

1. Let doc be element's node document.

2. Assert: doc's lazy load intersection observer is not null.

3. Call doc's lazy load intersection observer's unobserve method with element as the argument.

   The intention is to use the original value of the unobserve method. See w3c/IntersectionObserver#464. [INTERSECTIONOBSERVER]

The blocking tokens set for an element el are the result of the following steps:

1. Let value be the value of el's blocking attribute, or the empty string if no such attribute exists.

2. Set value to value, converted to ASCII lowercase.

3. Let rawTokens be the result of splitting value on ASCII whitespace.

4. Return a set containing the elements of rawTokens that are possible blocking tokens.

An element is potentially render-blocking if its blocking tokens set contains "render", or if it is implicitly potentially render-blocking, which will be defined at the individual elements. By default, an element is not implicitly potentially render-blocking.

The attribute's missing value default and invalid value default are both the Auto state.