whatwg · foolip · Sep 4, 2025 · Oct 2, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/source b/source
@@ -123478,7 +123478,7 @@ document.body.appendChild(frame)</code></pre>
 
   <h3 id="dom-parsing-and-serialization">DOM parsing and serialization APIs</h3>
 
-  <pre><code class="idl">partial interface <span id="Element-partial">Element</span> {
+  <pre><code class="idl">partial interface <span>Element</span> {
   [<span>CEReactions</span>] undefined <span data-x="dom-Element-setHTMLUnsafe">setHTMLUnsafe</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) html);
   DOMString <span data-x="dom-Element-getHTML">getHTML</span>(optional <span>GetHTMLOptions</span> options = {});
 
@@ -123487,7 +123487,7 @@ document.body.appendChild(frame)</code></pre>
   [<span>CEReactions</span>] undefined <span data-x="dom-Element-insertAdjacentHTML">insertAdjacentHTML</span>(DOMString position, (<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) string);
 };
 
-partial interface <span id="ShadowRoot-partial">ShadowRoot</span> {
+partial interface <span>ShadowRoot</span> {
   [<span>CEReactions</span>] undefined <span data-x="dom-ShadowRoot-setHTMLUnsafe">setHTMLUnsafe</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) html);
   DOMString <span data-x="dom-ShadowRoot-getHTML">getHTML</span>(optional <span>GetHTMLOptions</span> options = {});
 
@@ -124357,6 +124357,98 @@ interface <dfn interface>XMLSerializer</dfn> {
 
   </div>
 
+  <h3 split-filename="patching" id="patching">Patching</h3>
+
+  <p>TODO: introduction, what's all this?</p>
+
+  <pre><code class="idl">partial interface <span>Element</span> {
+  WritableStream <span data-x="dom-Element-streamHTMLUnsafe">streamHTMLUnsafe</span>(optional StreamHTMLUnsafeOptions options = {});
+};
+
+partial interface <span>ShadowRoot</span> {
+  WritableStream <span data-x="dom-ShadowRoot-streamHTMLUnsafe">streamHTMLUnsafe</span>(optional StreamHTMLUnsafeOptions options = {});
+};
+
+dictionary <dfn dictionary>StreamHTMLUnsafeOptions</dfn> {
+  boolean <dfn dict-member for="StreamHTMLUnsafeOptions" data-x="dom-StreamHTMLUnsafeOptions-runScripts">runScripts</dfn> = false;
+};</code></pre>
+
+  <div w-nodev>
+
+  <div algorithm>
+  <p><code>Element</code>'s <dfn method for="Element"><code
+  data-x="dom-Element-streamHTMLUnsafe">streamHTMLUnsafe(<var>options</var>)</code></dfn> method steps
+  are:</p>
+
+  <ol>
+   <li><p>Let <var>writable</var> be a new WritableStream.</p></li>
+
+   <li>
+    <p>👋 Sketch of the streams setup:</p>
+
+    <ol>
+     <li><p>Incoming chunks must all be of the same type, either strings or a trusted types
+     wrapper. Check this on every chunk and treat mixing as an error.</p></li>
+
+     <li><p>If the first chunk is not a trusted types wrapper and there is a default TT policy,
+     create a transform stream using <code data-x="">createTransformStream</code> from the default
+     policy. Then pipe chunks through that transform stream.</p></li>
+
+     <li><p>For trusted types handled "outside" (not by the internal transform stream) check that
+     the chunks are in the same order and not duplicated/filtered/reordered.</p></li>
+    </ol>
+   </li>
+
+   <li>
+    <p>👋 Sketch of the parser setup:</p>
+
+    <ol>
+     <li><p>Let <var>parser</var> be a new fragment parser.</p></li>
+
+     <li><p>Add <span>this</span> to the <span>stack of open elements</span>.</p></li>
+
+     <li><p>If <var>options</var>["<code data-x="dom-StreamHTMLUnsafeOptions-runScripts">runScripts</code>"],
+     don't mark scripts as already executed.</p></li>
+
+     <li><p>Write chunks into the parser as they are written to <var>writable</var>.</p></li>
+    </ol>
+   </li>
+
+   <li><p>Return <var>writable</var>.</p></li>
+  </ol>
+  </div>
+
+  <div class="example">
+   <p>Do a thing like this:</p>
+   <pre><code class="js">const policy = trustedTypes.createPolicy("my-policy", {
+  createTransformStream() {
+    return new TransformStream({
+      transform(chunk, controller) {
+        // TODO: some buffering
+        controller.enqueue(sanitize(chunk));
+      }
+    });
+  }
+});
+
+const response = await fetch('/fragments/something');
+const transform = policy.createTransformStream();
+const writable = element.streamHTMLUnsafe();
+await response.body.pipeThrough(transform).pipeTo(writable);</code></pre>
+  </div>
+
+  <div algorithm>
+  <p><code>ShadowRoot</code>'s <dfn method for="ShadowRoot"><code
+  data-x="dom-ShadowRoot-streamHTMLUnsafe">streamHTMLUnsafe(<var>options</var>)</code></dfn> method steps
+  are:</p>
+
+  <ol>
+   <li>TODO</li>
+  </ol>
+  </div>
+
+  </div>
+
   <h3 split-filename="timers-and-user-prompts" id="timers">Timers</h3>
 
   <p>The <code data-x="dom-setTimeout">setTimeout()</code> and <code