[css-forms-1][css-ui-4] Move field-sizing and input-security from css-ui-4 to css-forms-1.

nt1m · nt1m · commit ba91d7159acf · 2025-04-14T16:44:21.000+02:00
diff --git a/css-forms-1/Overview.bs b/css-forms-1/Overview.bs
@@ -611,7 +611,60 @@ spec:css-forms-1; type:value; for:/; text:::placeholder
 
 # Styling Widgets # {#styling-widgets}
 
-  ISSUE: Move field-sizing/accent-color/input-security into this specification?
+## Widget Accent Colors: the 'accent-color' property ## {#accent-color}
+
+  The 'accent-color' property is defined in [[!CSS-UI-4]].
+
+## Switching form control sizing: the 'field-sizing' property ## {#field-sizing}
+
+	<pre class=propdef>
+	Name: field-sizing
+	Value: fixed | content
+	Initial: ''field-sizing/fixed''
+	Applies to: [=elements with default preferred size=]
+	Inherited: no
+	Percentages: N/A
+	Computed Value: as specified
+	Canonical order: per grammar
+	Animation type: discrete
+	</pre>
+
+	For the purpose of this specification,
+	an <dfn export>element with default preferred size</dfn> is an element
+	whose [=intrinsic size=] is fixed regardless of the size of its content.
+	The host language defines which elements are applicable to it.
+	For example, in HTML <{textarea}> is an [=element with default preferred size=].
+
+	<dl dfn-type=value dfn-for=field-sizing>
+		<dt><dfn>fixed</dfn>
+		<dd>
+			For [=element with default preferred size=],
+			the UA must set the [=intrinsic size=]
+			to the default preferred size defined by the host language for that element.
+			Otherwise, the UA must behave the same as ''field-sizing/content''.
+		<dt><dfn>content</dfn>
+		<dd>
+			The UA must determine the element's [=intrinsic size=] based on its content,
+			and must ignore any default preferred size defined by the host language for that element.
+			If the element is an [=element with default preferred size=] and
+			is listed in [[CSS-SIZING-3#min-content-zero|compressible replaced elements]],
+			the UA must stop treating the element as a replaced element for [=min-content contribution=].
+	</dl>
+
+	<div class="example">
+		For instance, <{textarea}> has a fixed size regardless of its content by default:
+
+		<span class="fake-textarea auto">&#x23B8;</span>
+		<span class="fake-textarea auto">The quick brown fox jumps over the lazy dog.</span>
+
+		If ''field-sizing: content'' is applied, the size of the former should fit to a text caret.
+		<span class="fake-textarea">&#x23B8;</span>
+
+		If ''field-sizing: content'' is applied and its width property has a fixed value like ''width: 10em'',
+		the element height depends on the number of the content lines:
+
+		<span class="fake-textarea normal">The quick brown fox jumps over the lazy dog.&#x23B8;</span>
+	</div>
 
 ## Changing the Orientation of a [=Slider-Like Control=]: ''slider-orientation'' ## {#slider-orientation}
 
@@ -650,6 +703,76 @@ spec:css-forms-1; type:value; for:/; text:::placeholder
 
   </dl>
 
+## Obscuring sensitive input: the 'input-security' property ## {#input-security}
+
+	Issue: The CSSWG has agreed that
+	while we believe that providing this piece of functionality to users is important,
+	doing it via CSS+JS is the wrong approach,
+	and that instead it should be built into user agents:
+	this needs to work consistently from site to site for it to be discoverable and understandable by users,
+	this needs to work even when JS is turned off,
+	and this needs to have consistently solid accessibility…
+	We therefore intend to remove this from the specification,
+	and instead, we would like to see this behavior specified in the HTML specification
+	as part of the interaction model of password fields.
+	Holding off deleting until the situation with HTML is clarified.
+	See
+	<a href="https://github.com/w3c/csswg-drafts/issues/6788">https://github.com/w3c/csswg-drafts/issues/6788</a>
+	and
+	<a href="https://github.com/whatwg/html/issues/7293">https://github.com/whatwg/html/issues/7293</a>.
+
+	<pre class=propdef>
+	Name: input-security
+	Value: auto | none
+	Initial: ''input-security/auto''
+	Applies to: [=sensitive text inputs=]
+	Inherited: no
+	Percentages: N/A
+	Computed Value: as specified
+	Canonical order: per grammar
+	Animation type: by computed value type
+	</pre>
+
+	For the purpose of this specification,
+	a <dfn export>sensitive text input</dfn> is
+	a text input whose purpose is to accept sensitive input,
+	as defined by the host language.
+	For example, in HTML <{input/type/password|&lt;input type=password&gt;}> is a [=sensitive text input=].
+
+	By default, user agents obscure the contents of [=sensitive text inputs=]
+	in order to prevent onlookers from seeing it.
+	Users may wish to temporarily disable this obscuring
+	in order to confirm that they've typed their sensitive information correctly.
+	The ''input-security'' property may be used by authors
+	to enable or disable this obscuring.
+
+	<dl dfn-type=value dfn-for=input-security>
+		<dt><dfn>none</dfn>
+		<dd>
+			The UA must not obscure the text in the control,
+			so that it can be read by the user.
+		<dt><dfn>auto</dfn>
+		<dd>
+			The UA should obscure the text in the control,
+			so that it cannot be read by the user.
+	</dl>
+
+	While the exact mechanism by which user agents obscure the text in the control is undefined, user agents typically obscure [=sensitive text inputs=] by replacing each character with some suitable replacement such as U+002A ASTERISK (*) or U+25CF BLACK CIRCLE (●).
+
+	<div class="example">
+		For instance, given this style sheet
+		<pre><code class="lang-css">
+		input[type=password] {
+			input-security: auto;
+		}</code></pre>
+		and this HTML
+		<pre><code class="lang-html">
+		&lt;input type=password value=MySecret794>
+		</code></pre>
+		a user agent might render the <{input/type/password|&lt;input type=password&gt;}> like so:
+		<span class=fake-input-type-password>●●●●●●●●●●●</span>
+	</div>
+
 <h2 class="no-num non-normative" id="basic-appearance-stylesheet">Appendix A: Basic Appearance User Agent Stylesheet</h2>
   
   ISSUE: Move to HTML.
@@ -914,6 +1037,8 @@ select::picker-icon {
 <ul>
   <li>Added !important to select buttons inertness.</li>
   <li>Removed "Appendix B: Explorations" with obsolete ideas.</li>
+  <li>Added "slider-" prefix to slider pseudo-elements.</li>
+  <li>Moved 'field-sizing' and 'input-security' properties from css-ui-4.</li>
 </ul>
 
 <h2 class=no-num id=privacy>Privacy Considerations</h2>
diff --git a/css-ui-4/Overview.bs b/css-ui-4/Overview.bs
@@ -2619,131 +2619,6 @@ Effects of 'appearance' on Semantic Aspects of Elements</h4>
 	</div>
 
 
-<h3 id="field-sizing">
-Switching form control sizing: the 'field-sizing' property</h3>
-
-	<pre class=propdef>
-	Name: field-sizing
-	Value: fixed | content
-	Initial: ''field-sizing/fixed''
-	Applies to: [=elements with default preferred size=]
-	Inherited: no
-	Percentages: N/A
-	Computed Value: as specified
-	Canonical order: per grammar
-	Animation type: discrete
-	</pre>
-
-	For the purpose of this specification,
-	an <dfn export>element with default preferred size</dfn> is an element
-	whose [=intrinsic size=] is fixed regardless of the size of its content.
-	The host language defines which elements are applicable to it.
-	For example, in HTML <{textarea}> is an [=element with default preferred size=].
-
-	<dl dfn-type=value dfn-for=field-sizing>
-		<dt><dfn>fixed</dfn>
-		<dd>
-			For [=element with default preferred size=],
-			the UA must set the [=intrinsic size=]
-			to the default preferred size defined by the host language for that element.
-			Otherwise, the UA must behave the same as ''field-sizing/content''.
-		<dt><dfn>content</dfn>
-		<dd>
-			The UA must determine the element's [=intrinsic size=] based on its content,
-			and must ignore any default preferred size defined by the host language for that element.
-			If the element is an [=element with default preferred size=] and
-			is listed in [[CSS-SIZING-3#min-content-zero|compressible replaced elements]],
-			the UA must stop treating the element as a replaced element for [=min-content contribution=].
-	</dl>
-
-	<div class="example">
-		For instance, <{textarea}> has a fixed size regardless of its content by default:
-
-		<span class="fake-textarea auto">&#x23B8;</span>
-		<span class="fake-textarea auto">The quick brown fox jumps over the lazy dog.</span>
-
-		If ''field-sizing: content'' is applied, the size of the former should fit to a text caret.
-		<span class="fake-textarea">&#x23B8;</span>
-
-		If ''field-sizing: content'' is applied and its width property has a fixed value like ''width: 10em'',
-		the element height depends on the number of the content lines:
-
-		<span class="fake-textarea normal">The quick brown fox jumps over the lazy dog.&#x23B8;</span>
-	</div>
-
-
-<h3 id="input-security">
-Obscuring sensitive input: the 'input-security' property</h3>
-
-	Issue: The CSSWG has agreed that
-	while we believe that providing this piece of functionality to users is important,
-	doing it via CSS+JS is the wrong approach,
-	and that instead it should be built into user agents:
-	this needs to work consistently from site to site for it to be discoverable and understandable by users,
-	this needs to work even when JS is turned off,
-	and this needs to have consistently solid accessibility…
-	We therefore intend to remove this from the specification,
-	and instead, we would like to see this behavior specified in the HTML specification
-	as part of the interaction model of password fields.
-	Holding off deleting until the situation with HTML is clarified.
-	See
-	<a href="https://github.com/w3c/csswg-drafts/issues/6788">https://github.com/w3c/csswg-drafts/issues/6788</a>
-	and
-	<a href="https://github.com/whatwg/html/issues/7293">https://github.com/whatwg/html/issues/7293</a>.
-
-	<pre class=propdef>
-	Name: input-security
-	Value: auto | none
-	Initial: ''input-security/auto''
-	Applies to: [=sensitive text inputs=]
-	Inherited: no
-	Percentages: N/A
-	Computed Value: as specified
-	Canonical order: per grammar
-	Animation type: by computed value type
-	</pre>
-
-	For the purpose of this specification,
-	a <dfn export>sensitive text input</dfn> is
-	a text input whose purpose is to accept sensitive input,
-	as defined by the host language.
-	For example, in HTML <{input/type/password|&lt;input type=password&gt;}> is a [=sensitive text input=].
-
-	By default, user agents obscure the contents of [=sensitive text inputs=]
-	in order to prevent onlookers from seeing it.
-	Users may wish to temporarily disable this obscuring
-	in order to confirm that they've typed their sensitive information correctly.
-	The ''input-security'' property may be used by authors
-	to enable or disable this obscuring.
-
-	<dl dfn-type=value dfn-for=input-security>
-		<dt><dfn>none</dfn>
-		<dd>
-			The UA must not obscure the text in the control,
-			so that it can be read by the user.
-		<dt><dfn>auto</dfn>
-		<dd>
-			The UA should obscure the text in the control,
-			so that it cannot be read by the user.
-	</dl>
-
-	While the exact mechanism by which user agents obscure the text in the control is undefined, user agents typically obscure [=sensitive text inputs=] by replacing each character with some suitable replacement such as U+002A ASTERISK (*) or U+25CF BLACK CIRCLE (●).
-
-	<div class="example">
-		For instance, given this style sheet
-		<pre><code class="lang-css">
-		input[type=password] {
-			input-security: auto;
-		}</code></pre>
-		and this HTML
-		<pre><code class="lang-html">
-		&lt;input type=password value=MySecret794>
-		</code></pre>
-		a user agent might render the <{input/type/password|&lt;input type=password&gt;}> like so:
-		<span class=fake-input-type-password>●●●●●●●●●●●</span>
-	</div>
-
-
 <h3 id=control-specific-rules>
 Control-Specific Rules</h3>
 
@@ -2877,6 +2752,9 @@ Changes from the <a href="https://www.w3.org/TR/2021/WD-css-ui-4-20210316/">16 M
 			Removed claims that 'outline-width' may influence the rendering
 			of ''outline-style: auto'' outlines.
 			(See <a href="https://github.com/w3c/csswg-drafts/issues/9201">Issue 9201</a>.)
+
+		<li>
+			Moved 'field-sizing' and 'input-security' properties to css-forms-1.
 	</ul>
 
 
