Out of order HTML streaming ("patching")

[noamr]

What problem are you trying to solve?

When delivering HTML documents, often parts of the document are ready in the server before others. This order might not be the same as the DOM order.

For example, a <select> might appear early in the DOM, with the <option> elements for it fetched from a database in parallel, or 3rd party widgets that have a placeholder that gets filled later.

What solutions exist today?

Some frameworks like React & Svelte offer support for out-of-order streaming. React does so by injecting inline <script> elements that modify the DOM.

How would you solve it?

Suggesting to have a contentname attribute, and extending the <template> element to make it into a patch:

• <template contentfor="foo"> (a patch) would target an element with the given contentname=foo (an outlet).
• The first patch replaces the outlet's children, the next ones append (by default).

Additional/supporting APIs

• The contentmethod attribute can change the default behavior, with values equivalent to DOM methods (replace-with, replace-children, after, before, append, prepend).
• A contentrevision attribute can be present on both the patch and the outlet. If they are identical, the patching is skipped.
• The outlet lookup is done with the template's parent as the scope, so those patches can't be deeply nested and then target some external element. An exception is that patches that are direct descendants of <body> can target the whole document.
• In addition, the lookup is tree-scoped and has no affordances for escaping the shadow root.
• Patching into a fragment works, but the same rule applies - which means that the patch cannot escape the fragment.
• The target would receive pseudo-classes that reflect its patching status (:updating and :pending?)
• We should consider a JS getter that reflects the current state of patching.

Gritty details:

• Scripts that are part of a patch are executed as normal if performed as part of the main parser.
• Scripts, styles, other RAWTEXT elements (e.g. xmp), <plaintext> and the document (HTML) element cannot be directly streamed into. RCDATA elements (title/textarea) can.
• From a parser perspective, a setup similar to fragment parsing is set up inside the <template>'s stack of open items. This makes parsing behave like parsing into the context element and into the <template> at the same time. The insertion target is the context element.
• Conflicts/mismatches are handled as per A way to stream content into an element #2142 (comment)

Alternative: using <script> with escaping

Using <template> feels natural as a way to stream HTML. However, it has the constraint of not being able to stream directly into scripts and styles (RAWTEXT).

An alternative would be to have the patch be escaped HTML inside a <script> element. Then we can use the existing tokenizer state of the script element, unescape the text, and pass it to a second parser that inserts the elements to the correct context.

This however feels unnatural as HTML passed over HTTP should not require escaping :)
Since we can add a replaceWith mode in the future (instead of the current replaceChildren mode), it might be a better option than requiring the HTML to be escaped.

Potential future enhancements

• Fetching and patching from an external resource (using the existing src attribute))

[zcorpan]

I'm a bit worried about changing the parsing of template to RAWTEXT based on an attribute. This can cause new XSS/mXSS vectors. Is it possible to use an element that is already parsed as text, e.g. script?

[noamr]

I'm a bit worried about changing the parsing of template to RAWTEXT based on an attribute. This can cause new XSS/mXSS vectors. Is it possible to use an element that is already parsed as text, e.g. script?

Yes <script type=patch> is an option. It would also open opportunities to explore using existing script attributes like src and defer.

[zcorpan]

cc @whatwg/html-parser

[noamr]

Another thing to add/suggest here, based on feedback from early adopters of the prototype:
When there are multiple patches to the same target in the same document stream, only the first one removes all the children.

So the following:

<div id=target>...</div>
<template patchfor=target>ABC</template>
<template patchfor=target>DEF</template>

... would result in <div id=target>ABCDEF</div>.

(Replace with <script type=patch> if needed, this is in the sake of an example).

Basically the parser created for each target would only be closed once the main parser stream is closed.

This allows interleaved streaming to multiple locations out of order.

[noamr]

Added agenda+ to discuss moving this to stage 1. It seems to me that it meets the bar:

• We have put together a detailed explainer
• Consensus that the WHATWG is interested in exploring solutions in this problem space: it seemed like it from past discussions in the WHATNOT, let's verify in the next one.
• At least one implementor: chromium
• Contributor: @foolip and @noamr
• WHATWG workstream: HTML