From aa3fe7e2fccf48ba09776b8ec964408171bf86ef Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 13:32:52 +0100
Subject: [PATCH 01/13] Trusted Types

---
 dom.bs | 93 +++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 76 insertions(+), 17 deletions(-)

diff --git a/dom.bs b/dom.bs
index e61c3fc0..50b6ab1e 100644
--- a/dom.bs
+++ b/dom.bs
@@ -50,9 +50,11 @@ spec:html; type:element
 <p>This specification depends on the Infra Standard. [[!INFRA]]
 
 <p>Some of the terms used in this specification are defined in <cite>Encoding</cite>,
-<cite>Selectors</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and <cite>Namespaces in XML</cite>.
+<cite>Selectors</cite>, <cite>Trusted Types</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and
+<cite>Namespaces in XML</cite>.
 [[!ENCODING]]
 [[!SELECTORS4]]
+[[!TRUSTED-TYPES]]
 [[!WEBIDL]]
 [[!XML]]
 [[!XML-NAMES]]
@@ -6633,8 +6635,8 @@ interface Element : Node {
   sequence&lt;DOMString> getAttributeNames();
   DOMString? getAttribute(DOMString qualifiedName);
   DOMString? getAttributeNS(DOMString? namespace, DOMString localName);
-  [CEReactions] undefined setAttribute(DOMString qualifiedName, DOMString value);
-  [CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, DOMString value);
+  [CEReactions] undefined setAttribute(DOMString qualifiedName, (TrustedType or DOMString) value);
+  [CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, (TrustedType or DOMString) value);
   [CEReactions] undefined removeAttribute(DOMString qualifiedName);
   [CEReactions] undefined removeAttributeNS(DOMString? namespace, DOMString localName);
   [CEReactions] boolean toggleAttribute(DOMString qualifiedName, optional boolean force);
@@ -7063,6 +7065,14 @@ steps:
  <a for=Attr>value</a>.
 </ol>
 
+<p>To <dfn>verify attribute value</dfn> given a {{TrustedType}} or string <var>value</var>, an
+<a>attribute</a> <var>attribute</var>, and an <a for=/>Element</a> <var>element</var>:
+
+<ol>
+ <li><p>Return the result of calling <a abstract-op>get Trusted Types-compliant attribute value</a>
+ given <var>attribute</var>, with <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
+</ol>
+
 <hr>
 
 <div algorithm>
@@ -7115,6 +7125,10 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>attr</var>'s
+ <a for=Attr>value</a>, <var>attr</var>, and <var>element</var>.
+
  <li><p>If <var>attr</var>'s <a for=Attr>element</a> is neither null nor <var>element</var>,
  <a>throw</a> an "{{InUseAttributeError!!exception}}" {{DOMException}}.
 
@@ -7130,6 +7144,8 @@ string <var>namespace</var> (default null):</p>
 
  <li><p>Otherwise, <a lt="append an attribute">append</a> <var>attr</var> to <var>element</var>.
 
+ <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
+
  <li><p>Return <var>oldAttr</var>.
 </ol>
 </div>
@@ -7141,18 +7157,32 @@ an optional null or string <var>prefix</var> (default null), and an optional nul
 <var>namespace</var> (default null):
 
 <ol>
- <li>Let <var>attribute</var> be the result of
+ <li><p>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
- <li>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a> is
- <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is <var>value</var>, and
- <a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>, then
- <a lt="append an attribute">append</a> this <a>attribute</a> to <var>element</var>, and then
- return.
+ <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
+ <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
+ <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <var>element</var>.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
+ <li><p>Set <var>attribute</var> to the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
+ is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
+ <var>element</var>, and then return.
+
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 </div>
 
@@ -7417,14 +7447,26 @@ method steps are:
  <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
  and null otherwise.
- <!-- This is step 2 of "get an attribute by name", modified as appropriate -->
+
+ <li><p>If <var>attribute</var> is null, then set <var>attribute</var> to an <a>attribute</a>
+ whose <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <a>this</a>.
+
+ <li><p>Set <var>attribute</var> to the first <a>attribute</a> in <a>this</a>'s
+ <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
+ and null otherwise.
 
  <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose
  <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>,
- then <a lt="append an attribute">append</a> this <a>attribute</a> to <a>this</a>, and then return.
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <a>this</a>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a>
+ to <a>this</a>, and then return.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 
 <p>The
@@ -7437,7 +7479,7 @@ method steps are:
  <var>qualifiedName</var> given "<code>element</code>".
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>, <var>value</var>,
- and also <var>prefix</var> and <var>namespace</var>.
+ <var>prefix</var>, <var>namespace</var> and true.
 </ol>
 
 <p>The
@@ -8028,7 +8070,24 @@ string <var>value</var>, run these steps:
  <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
  <a for=Attr>value</a> to <var>value</var>.
 
- <li><p>Otherwise, <a lt="change an attribute">change</a> <var>attribute</var> to <var>value</var>.
+ <li>
+  <p>Otherwise:
+
+  <ol>
+   <li><p>Let <var>originalElement</var> be <var>attribute</var>'s <a for=Attr>element</a>.
+
+   <li><p>Let <var>verifiedValue</var> be the result of
+   <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+   <var>attribute</var>, and <a>this</a>.
+
+   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
+   <a for=Attr>value</a> to <var>verifiedValue</var>, and return.
+
+   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is not <var>originalElement</var>, then
+   return.
+
+   <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+  </ol>
 </ol>
 
 <p>The {{Attr/value}} setter steps are to <a>set an existing attribute value</a> with <a>this</a>

From 526f42291faaf40b127e5e8541305fbff68a44e3 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 13:42:02 +0100
Subject: [PATCH 02/13] Revert change to "set an attribute value"

---
 dom.bs | 30 ++++++++----------------------
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/dom.bs b/dom.bs
index 50b6ab1e..e03c9f0d 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7157,32 +7157,18 @@ an optional null or string <var>prefix</var> (default null), and an optional nul
 <var>namespace</var> (default null):
 
 <ol>
- <li><p>Let <var>attribute</var> be the result of
+ <li>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
- <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
- <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
- <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <var>element</var>.
-
- <li><p>Set <var>attribute</var> to the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
- is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
- <var>element</var>, and then return.
+ <li>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a> is
+ <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is <var>value</var>, and
+ <a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>, then
+ <a lt="append an attribute">append</a> this <a>attribute</a> to <var>element</var>, and then
+ return.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
 </ol>
 </div>
 

From 00d0eaadffaf32ad98076893dc3c6d2a52541181 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 14:11:53 +0100
Subject: [PATCH 03/13] Update setAttributeNS to include TT check

---
 dom.bs | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/dom.bs b/dom.bs
index e03c9f0d..bccae19c 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7464,8 +7464,32 @@ method steps are:
  [=validate and extract|validating and extracting=] <var>namespace</var> and
  <var>qualifiedName</var> given "<code>element</code>".
 
- <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>, <var>value</var>,
- <var>prefix</var>, <var>namespace</var> and true.
+ <li><p>Let <var>attribute</var> be the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
+ <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
+ <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <var>element</var>.
+
+ <li><p>Set <var>attribute</var> to the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
+ is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
+ <var>element</var>, and then return.
+
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 
 <p>The

From f5e3984bb8a536ac64e5dcee92ace1210952eda0 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Wed, 25 Jun 2025 15:19:13 +0100
Subject: [PATCH 04/13] Remove extra algorithm that called through to TT and
 call TT directly from the various algorithms, also update call signature to
 match changes in TT.

---
 dom.bs | 56 ++++++++++++++++----------------------------------------
 1 file changed, 16 insertions(+), 40 deletions(-)

diff --git a/dom.bs b/dom.bs
index bccae19c..9ad411ec 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7065,14 +7065,6 @@ steps:
  <a for=Attr>value</a>.
 </ol>
 
-<p>To <dfn>verify attribute value</dfn> given a {{TrustedType}} or string <var>value</var>, an
-<a>attribute</a> <var>attribute</var>, and an <a for=/>Element</a> <var>element</var>:
-
-<ol>
- <li><p>Return the result of calling <a abstract-op>get Trusted Types-compliant attribute value</a>
- given <var>attribute</var>, with <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
-</ol>
-
 <hr>
 
 <div algorithm>
@@ -7125,9 +7117,10 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>attr</var>'s
- <a for=Attr>value</a>, <var>attr</var>, and <var>element</var>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>attr</var>'s <a for=Attr>local name</a>,
+ <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and <var>attr</var>'s
+ <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
 
  <li><p>If <var>attr</var>'s <a for=Attr>element</a> is neither null nor <var>element</var>,
  <a>throw</a> an "{{InUseAttributeError!!exception}}" {{DOMException}}.
@@ -7430,19 +7423,11 @@ method steps are:
  <a>HTML document</a>, then set <var>qualifiedName</var> to <var>qualifiedName</var> in
  <a>ASCII lowercase</a>.
 
- <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
- <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
- and null otherwise.
-
- <li><p>If <var>attribute</var> is null, then set <var>attribute</var> to an <a>attribute</a>
- whose <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <a>this</a>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>qualifiedName</var>, null, <a>this</a>, and
+ <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Set <var>attribute</var> to the first <a>attribute</a> in <a>this</a>'s
+ <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
  and null otherwise.
 
@@ -7464,21 +7449,11 @@ method steps are:
  [=validate and extract|validating and extracting=] <var>namespace</var> and
  <var>qualifiedName</var> given "<code>element</code>".
 
- <li><p>Let <var>attribute</var> be the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
- <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
- <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <var>element</var>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
+ <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Set <var>attribute</var> to the result of
+ <li><p>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
@@ -8086,9 +8061,10 @@ string <var>value</var>, run these steps:
   <ol>
    <li><p>Let <var>originalElement</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
-   <li><p>Let <var>verifiedValue</var> be the result of
-   <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
-   <var>attribute</var>, and <a>this</a>.
+   <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+   Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
+   <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>, <a>this</a>,
+   and <var>value</var>. [[!TRUSTED-TYPES]]
 
    <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
    <a for=Attr>value</a> to <var>verifiedValue</var>, and return.

From df2bccd1f43d361c262620d26e5b496adf29f30c Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 3 Jul 2025 10:02:09 +0100
Subject: [PATCH 05/13] Revert larger change to setAttributeNs as its no longer
 neccessary.

---
 dom.bs | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/dom.bs b/dom.bs
index 9ad411ec..40691488 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7453,18 +7453,8 @@ method steps are:
  Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
  <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Let <var>attribute</var> be the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
- is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
- <var>element</var>, and then return.
-
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+ <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
+ <var>verifiedValue</var>, and also <var>prefix</var> and <var>namespace</var>.
 </ol>
 
 <p>The

From eb1b5463767bcc0ac5d7317e56cea531dbad3e7a Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 3 Jul 2025 13:34:36 +0100
Subject: [PATCH 06/13] Set attr's value to verifiedValue before attribute
 change steps are fired.

---
 dom.bs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dom.bs b/dom.bs
index 40691488..9418efde 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7132,13 +7132,13 @@ string <var>namespace</var> (default null):</p>
 
  <li><p>If <var>oldAttr</var> is <var>attr</var>, return <var>attr</var>.
 
+ <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
+
  <li><p>If <var>oldAttr</var> is non-null, then <a lt="replace an attribute">replace</a>
  <var>oldAttr</var> with <var>attr</var>.
 
  <li><p>Otherwise, <a lt="append an attribute">append</a> <var>attr</var> to <var>element</var>.
 
- <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
-
  <li><p>Return <var>oldAttr</var>.
 </ol>
 </div>

From 1e3cef84935091e44985cb3d34d138cda1b98959 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Tue, 30 Sep 2025 21:13:03 +0100
Subject: [PATCH 07/13] Replace this with originalElement inside set an
 existing attribute value

---
 dom.bs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dom.bs b/dom.bs
index 9418efde..4f300a1e 100644
--- a/dom.bs
+++ b/dom.bs
@@ -8053,8 +8053,8 @@ string <var>value</var>, run these steps:
 
    <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
    Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
-   <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>, <a>this</a>,
-   and <var>value</var>. [[!TRUSTED-TYPES]]
+   <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>,
+   <var>originalElement</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
    <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
    <a for=Attr>value</a> to <var>verifiedValue</var>, and return.

From 6fe40a326ffbd63890a5422f2c38faf63978f64c Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Tue, 30 Sep 2025 21:46:04 +0100
Subject: [PATCH 08/13] Rename originalElement to just element

---
 dom.bs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dom.bs b/dom.bs
index 4f300a1e..b5f167fe 100644
--- a/dom.bs
+++ b/dom.bs
@@ -8049,17 +8049,17 @@ string <var>value</var>, run these steps:
   <p>Otherwise:
 
   <ol>
-   <li><p>Let <var>originalElement</var> be <var>attribute</var>'s <a for=Attr>element</a>.
+   <li><p>Let <var>element</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
    <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
    Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
    <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>,
-   <var>originalElement</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
+   <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
    <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
    <a for=Attr>value</a> to <var>verifiedValue</var>, and return.
 
-   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is not <var>originalElement</var>, then
+   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is not <var>element</var>, then
    return.
 
    <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.

From 78773d9f5fe2094a84c161ca93c67808c74372db Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Tue, 28 Oct 2025 13:42:39 +0000
Subject: [PATCH 09/13] Swap element for this in setAttributeNs

---
 dom.bs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dom.bs b/dom.bs
index b5f167fe..d3db9875 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7451,7 +7451,7 @@ method steps are:
 
  <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
  Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
- <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
+ <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
  <var>verifiedValue</var>, and also <var>prefix</var> and <var>namespace</var>.

From f3148ed7db9b86d79c96ae0557c17d633bf897fc Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Tue, 28 Oct 2025 14:02:01 +0000
Subject: [PATCH 10/13] Drop abstract-op and fix associated formatting

---
 dom.bs | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/dom.bs b/dom.bs
index d3db9875..75167c67 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7117,10 +7117,10 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
- <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
- Trusted Types-compliant attribute value</a> with <var>attr</var>'s <a for=Attr>local name</a>,
- <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and <var>attr</var>'s
- <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
+ <li><p>Let <var>verifiedValue</var> be the result of calling
+ <a>get Trusted Types-compliant attribute value</a> with <var>attr</var>'s
+ <a for=Attr>local name</a>, <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and
+ <var>attr</var>'s <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
 
  <li><p>If <var>attr</var>'s <a for=Attr>element</a> is neither null nor <var>element</var>,
  <a>throw</a> an "{{InUseAttributeError!!exception}}" {{DOMException}}.
@@ -7423,9 +7423,9 @@ method steps are:
  <a>HTML document</a>, then set <var>qualifiedName</var> to <var>qualifiedName</var> in
  <a>ASCII lowercase</a>.
 
- <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
- Trusted Types-compliant attribute value</a> with <var>qualifiedName</var>, null, <a>this</a>, and
- <var>value</var>. [[!TRUSTED-TYPES]]
+ <li><p>Let <var>verifiedValue</var> be the result of calling
+ <a>get Trusted Types-compliant attribute value</a> with <var>qualifiedName</var>, null,
+ <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
@@ -7449,8 +7449,8 @@ method steps are:
  [=validate and extract|validating and extracting=] <var>namespace</var> and
  <var>qualifiedName</var> given "<code>element</code>".
 
- <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
- Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
+ <li><p>Let <var>verifiedValue</var> be the result of calling
+ <a>get Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
  <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
@@ -8051,8 +8051,8 @@ string <var>value</var>, run these steps:
   <ol>
    <li><p>Let <var>element</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
-   <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
-   Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
+   <li><p>Let <var>verifiedValue</var> be the result of calling
+   <a>get Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
    <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>,
    <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 

From 383d39c3586f8ec4963d69a1c43eff52ac271e28 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Tue, 28 Oct 2025 15:38:12 +0000
Subject: [PATCH 11/13] Rename tt algorithm

---
 dom.bs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dom.bs b/dom.bs
index 75167c67..ae4fe588 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7118,7 +7118,7 @@ string <var>namespace</var> (default null):</p>
 
 <ol>
  <li><p>Let <var>verifiedValue</var> be the result of calling
- <a>get Trusted Types-compliant attribute value</a> with <var>attr</var>'s
+ <a>get trusted type compliant attribute value</a> with <var>attr</var>'s
  <a for=Attr>local name</a>, <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and
  <var>attr</var>'s <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
 
@@ -7424,7 +7424,7 @@ method steps are:
  <a>ASCII lowercase</a>.
 
  <li><p>Let <var>verifiedValue</var> be the result of calling
- <a>get Trusted Types-compliant attribute value</a> with <var>qualifiedName</var>, null,
+ <a>get trusted type compliant attribute value</a> with <var>qualifiedName</var>, null,
  <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
@@ -7450,7 +7450,7 @@ method steps are:
  <var>qualifiedName</var> given "<code>element</code>".
 
  <li><p>Let <var>verifiedValue</var> be the result of calling
- <a>get Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
+ <a>get trusted type compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
  <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
@@ -8052,7 +8052,7 @@ string <var>value</var>, run these steps:
    <li><p>Let <var>element</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
    <li><p>Let <var>verifiedValue</var> be the result of calling
-   <a>get Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
+   <a>get trusted type compliant attribute value</a> with <var>attribute</var>'s
    <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>,
    <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 

From 2075acd382315d1a676eb1189d63c2945019ab9c Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 30 Oct 2025 13:03:23 +0000
Subject: [PATCH 12/13] Remove early return when setting an existing attribute
 value and the attribute moves elements during the TT callback

---
 dom.bs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/dom.bs b/dom.bs
index ae4fe588..bfd0ce5a 100644
--- a/dom.bs
+++ b/dom.bs
@@ -8059,9 +8059,6 @@ string <var>value</var>, run these steps:
    <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
    <a for=Attr>value</a> to <var>verifiedValue</var>, and return.
 
-   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is not <var>element</var>, then
-   return.
-
    <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
   </ol>
 </ol>

From 1ff8aaa8e3bfc54b7de25d749000705f12d20853 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2025 18:00:57 +0100
Subject: [PATCH 13/13] modernize some of the old prose and lean on early
 returns

---
 dom.bs | 42 +++++++++++++++++++-----------------------
 1 file changed, 19 insertions(+), 23 deletions(-)

diff --git a/dom.bs b/dom.bs
index bfd0ce5a..91f00454 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7424,20 +7424,21 @@ method steps are:
  <a>ASCII lowercase</a>.
 
  <li><p>Let <var>verifiedValue</var> be the result of calling
- <a>get trusted type compliant attribute value</a> with <var>qualifiedName</var>, null,
- <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
+ <a>get trusted type compliant attribute value</a> with <var>qualifiedName</var>, null, <a>this</a>,
+ and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
  and null otherwise.
 
- <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose
- <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
- <var>verifiedValue</var>, and <a for=Node>node document</a> is <a>this</a>'s
- <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a>
- to <a>this</a>, and then return.
+ <li><p>If <var>attribute</var> is non-null, then <a lt="change an attribute">change</a>
+ <var>attribute</var> to <var>verifiedValue</var> and return.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+ <li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>local name</a> is
+ <var>qualifiedName</var>, <a for=Attr>value</a> is <var>verifiedValue</var>, and
+ <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
+
+ <li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <a>this</a>.
 </ol>
 
 <p>The
@@ -7454,7 +7455,7 @@ method steps are:
  <a>this</a>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
- <var>verifiedValue</var>, and also <var>prefix</var> and <var>namespace</var>.
+ <var>verifiedValue</var>, <var>prefix</var>, and <var>namespace</var>.
 </ol>
 
 <p>The
@@ -8043,24 +8044,19 @@ string <var>value</var>, run these steps:
 
 <ol>
  <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
- <a for=Attr>value</a> to <var>value</var>.
+ <a for=Attr>value</a> to <var>value</var> and return.
 
- <li>
-  <p>Otherwise:
+ <li><p>Let <var>element</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
-  <ol>
-   <li><p>Let <var>element</var> be <var>attribute</var>'s <a for=Attr>element</a>.
-
-   <li><p>Let <var>verifiedValue</var> be the result of calling
-   <a>get trusted type compliant attribute value</a> with <var>attribute</var>'s
-   <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>,
-   <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
+ <li><p>Let <var>verifiedValue</var> be the result of calling
+ <a>get trusted type compliant attribute value</a> with <var>attribute</var>'s
+ <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>, <var>element</var>,
+ and <var>value</var>. [[!TRUSTED-TYPES]]
 
-   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
-   <a for=Attr>value</a> to <var>verifiedValue</var>, and return.
+ <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
+ <a for=Attr>value</a> to <var>verifiedValue</var> and return.
 
-   <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
-  </ol>
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 
 <p>The {{Attr/value}} setter steps are to <a>set an existing attribute value</a> with <a>this</a>