From a665ee44b44139000ceb41fb8f0b0033a72fae9c Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 13:32:52 +0100
Subject: [PATCH 1/6] Trusted Types

---
 dom.bs | 93 +++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 76 insertions(+), 17 deletions(-)

diff --git a/dom.bs b/dom.bs
index 491e2691..3c2db63c 100644
--- a/dom.bs
+++ b/dom.bs
@@ -54,9 +54,11 @@ spec:html; type:element
 <p>This specification depends on the Infra Standard. [[!INFRA]]
 
 <p>Some of the terms used in this specification are defined in <cite>Encoding</cite>,
-<cite>Selectors</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and <cite>Namespaces in XML</cite>.
+<cite>Selectors</cite>, <cite>Trusted Types</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and
+<cite>Namespaces in XML</cite>.
 [[!ENCODING]]
 [[!SELECTORS4]]
+[[!TRUSTED-TYPES]]
 [[!WEBIDL]]
 [[!XML]]
 [[!XML-NAMES]]
@@ -6520,8 +6522,8 @@ interface Element : Node {
   sequence&lt;DOMString> getAttributeNames();
   DOMString? getAttribute(DOMString qualifiedName);
   DOMString? getAttributeNS(DOMString? namespace, DOMString localName);
-  [CEReactions] undefined setAttribute(DOMString qualifiedName, DOMString value);
-  [CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, DOMString value);
+  [CEReactions] undefined setAttribute(DOMString qualifiedName, (TrustedType or DOMString) value);
+  [CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, (TrustedType or DOMString) value);
   [CEReactions] undefined removeAttribute(DOMString qualifiedName);
   [CEReactions] undefined removeAttributeNS(DOMString? namespace, DOMString localName);
   [CEReactions] boolean toggleAttribute(DOMString qualifiedName, optional boolean force);
@@ -6946,6 +6948,14 @@ steps:
  <a for=Attr>value</a>.
 </ol>
 
+<p>To <dfn>verify attribute value</dfn> given a {{TrustedType}} or string <var>value</var>, an
+<a>attribute</a> <var>attribute</var>, and an <a for=/>Element</a> <var>element</var>:
+
+<ol>
+ <li><p>Return the result of calling <a abstract-op>get Trusted Types-compliant attribute value</a>
+ given <var>attribute</var>, with <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
+</ol>
+
 <hr>
 
 <div algorithm>
@@ -6998,6 +7008,10 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>attr</var>'s
+ <a for=Attr>value</a>, <var>attr</var>, and <var>element</var>.
+
  <li><p>If <var>attr</var>'s <a for=Attr>element</a> is neither null nor <var>element</var>,
  <a>throw</a> an "{{InUseAttributeError!!exception}}" {{DOMException}}.
 
@@ -7013,6 +7027,8 @@ string <var>namespace</var> (default null):</p>
 
  <li><p>Otherwise, <a lt="append an attribute">append</a> <var>attr</var> to <var>element</var>.
 
+ <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
+
  <li><p>Return <var>oldAttr</var>.
 </ol>
 </div>
@@ -7024,18 +7040,32 @@ an optional null or string <var>prefix</var> (default null), and an optional nul
 <var>namespace</var> (default null):
 
 <ol>
- <li>Let <var>attribute</var> be the result of
+ <li><p>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
- <li>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a> is
- <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is <var>value</var>, and
- <a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>, then
- <a lt="append an attribute">append</a> this <a>attribute</a> to <var>element</var>, and then
- return.
+ <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
+ <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
+ <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <var>element</var>.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
+ <li><p>Set <var>attribute</var> to the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
+ is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
+ <var>element</var>, and then return.
+
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 </div>
 
@@ -7294,14 +7324,26 @@ method steps are:
  <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
  and null otherwise.
- <!-- This is step 2 of "get an attribute by name", modified as appropriate -->
+
+ <li><p>If <var>attribute</var> is null, then set <var>attribute</var> to an <a>attribute</a>
+ whose <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <a>this</a>.
+
+ <li><p>Set <var>attribute</var> to the first <a>attribute</a> in <a>this</a>'s
+ <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
+ and null otherwise.
 
  <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose
  <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>,
- then <a lt="append an attribute">append</a> this <a>attribute</a> to <a>this</a>, and then return.
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <a>this</a>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a>
+ to <a>this</a>, and then return.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 
 <p>The
@@ -7313,7 +7355,7 @@ method steps are:
  passing <var>namespace</var> and <var>qualifiedName</var> to <a>validate and extract</a>.
 
  <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>, <var>value</var>,
- and also <var>prefix</var> and <var>namespace</var>.
+ <var>prefix</var>, <var>namespace</var> and true.
 </ol>
 
 <p>The
@@ -7891,7 +7933,24 @@ string <var>value</var>, run these steps:
  <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
  <a for=Attr>value</a> to <var>value</var>.
 
- <li><p>Otherwise, <a lt="change an attribute">change</a> <var>attribute</var> to <var>value</var>.
+ <li>
+  <p>Otherwise:
+
+  <ol>
+   <li><p>Let <var>originalElement</var> be <var>attribute</var>'s <a for=Attr>element</a>.
+
+   <li><p>Let <var>verifiedValue</var> be the result of
+   <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+   <var>attribute</var>, and <a>this</a>.
+
+   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
+   <a for=Attr>value</a> to <var>verifiedValue</var>, and return.
+
+   <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is not <var>originalElement</var>, then
+   return.
+
+   <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+  </ol>
 </ol>
 
 <p>The {{Attr/value}} setter steps are to <a>set an existing attribute value</a> with <a>this</a>

From d86e02f0fb3bb711517f031cf88e499f63d7b18b Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 13:42:02 +0100
Subject: [PATCH 2/6] Revert change to "set an attribute value"

---
 dom.bs | 30 ++++++++----------------------
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/dom.bs b/dom.bs
index 3c2db63c..3fbec60f 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7040,32 +7040,18 @@ an optional null or string <var>prefix</var> (default null), and an optional nul
 <var>namespace</var> (default null):
 
 <ol>
- <li><p>Let <var>attribute</var> be the result of
+ <li>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
- <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
- <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
- <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <var>element</var>.
-
- <li><p>Set <var>attribute</var> to the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
- is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
- <var>element</var>, and then return.
+ <li>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a> is
+ <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is <var>value</var>, and
+ <a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>, then
+ <a lt="append an attribute">append</a> this <a>attribute</a> to <var>element</var>, and then
+ return.
 
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
 </ol>
 </div>
 

From 1d257197d6b2cb6edf0968360441e431d5187667 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 24 Apr 2025 14:11:53 +0100
Subject: [PATCH 3/6] Update setAttributeNS to include TT check

---
 dom.bs | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/dom.bs b/dom.bs
index 3fbec60f..162c6513 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7340,8 +7340,32 @@ method steps are:
  <li><p>Let <var>namespace</var>, <var>prefix</var>, and <var>localName</var> be the result of
  passing <var>namespace</var> and <var>qualifiedName</var> to <a>validate and extract</a>.
 
- <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>, <var>value</var>,
- <var>prefix</var>, <var>namespace</var> and true.
+ <li><p>Let <var>attribute</var> be the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
+ <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
+ <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>.
+
+ <li><p>Let <var>verifiedValue</var> be the result of
+ <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
+ <var>attribute</var>, and <var>element</var>.
+
+ <li><p>Set <var>attribute</var> to the result of
+ <a lt="get an attribute by namespace and local name">getting an attribute</a> given
+ <var>namespace</var>, <var>localName</var>, and <var>element</var>.
+
+ <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
+ is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
+ <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
+ <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
+ <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
+ <var>element</var>, and then return.
+
+ <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
 </ol>
 
 <p>The

From 15e9f5727a602f2cd7460e18f8e4f684740b7f7e Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Wed, 25 Jun 2025 15:19:13 +0100
Subject: [PATCH 4/6] Remove extra algorithm that called through to TT and call
 TT directly from the various algorithms, also update call signature to match
 changes in TT.

---
 dom.bs | 56 ++++++++++++++++----------------------------------------
 1 file changed, 16 insertions(+), 40 deletions(-)

diff --git a/dom.bs b/dom.bs
index 162c6513..f9200c7c 100644
--- a/dom.bs
+++ b/dom.bs
@@ -6948,14 +6948,6 @@ steps:
  <a for=Attr>value</a>.
 </ol>
 
-<p>To <dfn>verify attribute value</dfn> given a {{TrustedType}} or string <var>value</var>, an
-<a>attribute</a> <var>attribute</var>, and an <a for=/>Element</a> <var>element</var>:
-
-<ol>
- <li><p>Return the result of calling <a abstract-op>get Trusted Types-compliant attribute value</a>
- given <var>attribute</var>, with <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
-</ol>
-
 <hr>
 
 <div algorithm>
@@ -7008,9 +7000,10 @@ string <var>namespace</var> (default null):</p>
 <a for=/>attribute</a> <var>attr</var> and an <a for=/>element</a> <var>element</var>:
 
 <ol>
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>attr</var>'s
- <a for=Attr>value</a>, <var>attr</var>, and <var>element</var>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>attr</var>'s <a for=Attr>local name</a>,
+ <var>attr</var>'s <a for=Attr>namespace</a>, <var>element</var>, and <var>attr</var>'s
+ <a for=Attr>value</a>. [[!TRUSTED-TYPES]]
 
  <li><p>If <var>attr</var>'s <a for=Attr>element</a> is neither null nor <var>element</var>,
  <a>throw</a> an "{{InUseAttributeError!!exception}}" {{DOMException}}.
@@ -7307,19 +7300,11 @@ method steps are:
  <a>HTML document</a>, then set <var>qualifiedName</var> to <var>qualifiedName</var> in
  <a>ASCII lowercase</a>.
 
- <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
- <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
- and null otherwise.
-
- <li><p>If <var>attribute</var> is null, then set <var>attribute</var> to an <a>attribute</a>
- whose <a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <a>this</a>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>qualifiedName</var>, null, <a>this</a>, and
+ <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Set <var>attribute</var> to the first <a>attribute</a> in <a>this</a>'s
+ <li><p>Let <var>attribute</var> be the first <a>attribute</a> in <a>this</a>'s
  <a for=Element>attribute list</a> whose <a for=Attr>qualified name</a> is <var>qualifiedName</var>,
  and null otherwise.
 
@@ -7340,21 +7325,11 @@ method steps are:
  <li><p>Let <var>namespace</var>, <var>prefix</var>, and <var>localName</var> be the result of
  passing <var>namespace</var> and <var>qualifiedName</var> to <a>validate and extract</a>.
 
- <li><p>Let <var>attribute</var> be the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, then set attribute to an <a>attribute</a> whose
- <a for=Attr>namespace</a> is <var>namespace</var>, <a for=Attr>namespace prefix</a> is
- <var>prefix</var>, <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>value</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>.
-
- <li><p>Let <var>verifiedValue</var> be the result of
- <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
- <var>attribute</var>, and <var>element</var>.
+ <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+ Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
+ <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Set <var>attribute</var> to the result of
+ <li><p>Let <var>attribute</var> be the result of
  <a lt="get an attribute by namespace and local name">getting an attribute</a> given
  <var>namespace</var>, <var>localName</var>, and <var>element</var>.
 
@@ -7949,9 +7924,10 @@ string <var>value</var>, run these steps:
   <ol>
    <li><p>Let <var>originalElement</var> be <var>attribute</var>'s <a for=Attr>element</a>.
 
-   <li><p>Let <var>verifiedValue</var> be the result of
-   <a lt="verify attribute value">verifying an attribute value</a> given <var>value</var>,
-   <var>attribute</var>, and <a>this</a>.
+   <li><p>Let <var>verifiedValue</var> be the result of calling <a abstract-op>get
+   Trusted Types-compliant attribute value</a> with <var>attribute</var>'s
+   <a for=Attr>local name</a>, <var>attribute</var>'s <a for=Attr>namespace</a>, <a>this</a>,
+   and <var>value</var>. [[!TRUSTED-TYPES]]
 
    <li><p>If <var>attribute</var>'s <a for=Attr>element</a> is null, then set <var>attribute</var>'s
    <a for=Attr>value</a> to <var>verifiedValue</var>, and return.

From aaaae9c839b1028c373dbee4569eb561a35bd39c Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 3 Jul 2025 10:02:09 +0100
Subject: [PATCH 5/6] Revert larger change to setAttributeNs as its no longer
 neccessary.

---
 dom.bs | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/dom.bs b/dom.bs
index f9200c7c..20a4fd92 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7329,18 +7329,8 @@ method steps are:
  Trusted Types-compliant attribute value</a> with <var>localName</var>, <var>namespace</var>,
  <var>element</var>, and <var>value</var>. [[!TRUSTED-TYPES]]
 
- <li><p>Let <var>attribute</var> be the result of
- <a lt="get an attribute by namespace and local name">getting an attribute</a> given
- <var>namespace</var>, <var>localName</var>, and <var>element</var>.
-
- <li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a>
- is <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
- <a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is
- <var>verifiedValue</var>, and <a for=Node>node document</a> is <var>element</var>'s
- <a for=Node>node document</a>, then <a lt="append an attribute">append</a> this <a>attribute</a> to
- <var>element</var>, and then return.
-
- <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>verifiedValue</var>.
+ <li><p><a>Set an attribute value</a> for <a>this</a> using <var>localName</var>,
+ <var>verifiedValue</var>, and also <var>prefix</var> and <var>namespace</var>.
 </ol>
 
 <p>The

From 4ed81601d2c960c92fac6ba2fd1c73885ef15d86 Mon Sep 17 00:00:00 2001
From: Luke Warlow <lwarlow@igalia.com>
Date: Thu, 3 Jul 2025 13:34:36 +0100
Subject: [PATCH 6/6] Set attr's value to verifiedValue before attribute change
 steps are fired.

---
 dom.bs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dom.bs b/dom.bs
index 20a4fd92..0e247100 100644
--- a/dom.bs
+++ b/dom.bs
@@ -7015,13 +7015,13 @@ string <var>namespace</var> (default null):</p>
 
  <li><p>If <var>oldAttr</var> is <var>attr</var>, return <var>attr</var>.
 
+ <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
+
  <li><p>If <var>oldAttr</var> is non-null, then <a lt="replace an attribute">replace</a>
  <var>oldAttr</var> with <var>attr</var>.
 
  <li><p>Otherwise, <a lt="append an attribute">append</a> <var>attr</var> to <var>element</var>.
 
- <li><p>Set <var>attr</var>'s <a for=Attr>value</a> to <var>verifiedValue</var>.
-
  <li><p>Return <var>oldAttr</var>.
 </ol>
 </div>