Merge remote-tracking branch 'upstream/main' into add-credential-types

* upstream/main: (55 commits)
  Replace `.` with `#` in example given selectors are `#ids` (mdn#33791)
  update info in cross browser testing strategies (mdn#33730)
  Clarify that `navigator.storage.persist()` depends on heuristics (mdn#33780)
  fix typo (mdn#33785)
  feat: improvements on Glossary/Hoisting (mdn#33787)
  CSS update: overview of shapes guide (mdn#33771)
  CSS update: Shapes from box values (mdn#33770)
  Fix issue 033506: correct droppedEntriesCount (mdn#33538)
  Revert "=== Symbol("foo")" (mdn#33782)
  docs(css): FF126 - Support for `shape()` function (mdn#33446)
  Bump lint-staged from 15.2.4 to 15.2.5 (mdn#33777)
  Bump ajv from 8.13.0 to 8.14.0 (mdn#33776)
  Add missing spaces for `subtlecrypto` (mdn#33774)
  fix: typo in `color_and_luminca` (mdn#33775)
  feat: improvments on gutters (mdn#33751)
  FF127Relnote- data: and javascript: URLS forbidden in base HREF (mdn#33738)
  update the content of SVG `<view>` element (mdn#33710)
  Clipboard.write() - log and fixes (mdn#33769)
  updated ClipboardItem and Clipboard documentation and examples using … (mdn#33262)
  Fix error in the code snippet for Symbol (mdn#33765)
  ...

files/en-us/_wikihistory.json

@@ -11728,7 +11728,7 @@
       "nasifmdtanjim"
     ]
   },
-  "MDN/Writing_guidelines/Howto/Write_an_API_reference/Information_contained_in_a_WebIDL_file": {
+  "MDN/Writing_guidelines/Howto/Write_an_api_reference/Information_contained_in_a_WebIDL_file": {
     "modified": "2019-10-01T06:57:46.015Z",
     "contributors": [
       "chrisdavidmills",
@@ -11744,7 +11744,7 @@
       "jryans"
     ]
   },
-  "MDN/Writing_guidelines/Howto/Write_an_API_reference/Sidebars": {
+  "MDN/Writing_guidelines/Howto/Write_an_api_reference/Sidebars": {
     "modified": "2020-09-30T09:04:08.085Z",
     "contributors": [
       "chrisdavidmills",
@@ -30245,7 +30245,7 @@
       "JesseW"
     ]
   },
-  "Web/API/Document_object_model/How_to_create_a_DOM_tree": {
+  "Web/API/Document_Object_Model/How_to_create_a_DOM_tree": {
     "modified": "2019-03-24T00:17:33.140Z",
     "contributors": [
       "SphinxKnight",
@@ -30264,7 +30264,7 @@
       "ericjung"
     ]
   },
-  "Web/API/Document_object_model/Locating_DOM_elements_using_selectors": {
+  "Web/API/Document_Object_Model/Locating_DOM_elements_using_selectors": {
     "modified": "2020-12-06T22:57:45.352Z",
     "contributors": [
       "jordan-git",
@@ -30282,7 +30282,7 @@
       "asadotzler"
     ]
   },
-  "Web/API/Document_object_model/Using_the_Document_Object_Model": {
+  "Web/API/Document_Object_Model/Using_the_Document_Object_Model": {
     "modified": "2020-12-09T01:05:18.504Z",
     "contributors": [
       "skkiennhtg2327",
@@ -30308,7 +30308,7 @@
       "Gor1"
     ]
   },
-  "Web/API/Document_object_model/Using_the_Document_Object_Model/Example": {
+  "Web/API/Document_Object_Model/Using_the_Document_Object_Model/Example": {
     "modified": "2019-03-23T23:40:45.010Z",
     "contributors": [
       "mk7087",
@@ -64969,7 +64969,7 @@
     "modified": "2019-06-17T09:14:48.783Z",
     "contributors": ["Sheppy", "beaulac", "now-raymond", "chrisdavidmills"]
   },
-  "Web/API/WebRTC_API/build_a_phone_with_peerjs/connect_peers/End_a_call": {
+  "Web/API/WebRTC_API/Build_a_phone_with_peerjs/Connect_peers/End_a_call": {
     "modified": "2020-12-10T13:59:26.911Z",
     "contributors": ["lolaodelola"]
   },
@@ -71762,7 +71762,7 @@
       "JesseW"
     ]
   },
-  "Web/API/window/getDefaultComputedStyle": {
+  "Web/API/Window/getDefaultComputedStyle": {
     "modified": "2020-10-15T21:20:40.098Z",
     "contributors": [
       "mfluehr",
@@ -71779,7 +71779,7 @@
       "Bzbarsky"
     ]
   },
-  "Web/API/window/requestAnimationFrame": {
+  "Web/API/Window/requestAnimationFrame": {
     "modified": "2020-11-28T11:54:08.634Z",
     "contributors": [
       "bulk88",
@@ -80630,6 +80630,10 @@
       "rebeccahauck"
     ]
   },
+  "Web/CSS/basic-shape/path": {
+    "modified": "2020-12-11T11:12:50.012Z",
+    "contributors": ["chrisdavidmills", "rachelandrew"]
+  },
   "Web/CSS/blend-mode": {
     "modified": "2020-10-15T21:29:47.283Z",
     "contributors": [
@@ -88381,10 +88385,6 @@
       "AkashMishraa"
     ]
   },
-  "Web/CSS/path": {
-    "modified": "2020-12-11T11:12:50.012Z",
-    "contributors": ["chrisdavidmills", "rachelandrew"]
-  },
   "Web/CSS/percentage": {
     "modified": "2020-12-14T06:48:33.216Z",
     "contributors": [

files/en-us/games/techniques/3d_on_the_web/building_up_a_basic_demo_with_three.js/index.md

@@ -113,7 +113,7 @@ You should experiment with these values and see how they change what you see in
 
 ## Rendering the scene
 
-Everything is ready, but we still can't see anything. Although we've set up the renderer, we still need to render everything. Our `render()` function will do this job, with a little help from [`requestAnimationFrame()`](/en-US/docs/Web/API/window/requestAnimationFrame), which causes the scene to be re-rendered constantly on every frame:
+Everything is ready, but we still can't see anything. Although we've set up the renderer, we still need to render everything. Our `render()` function will do this job, with a little help from [`requestAnimationFrame()`](/en-US/docs/Web/API/Window/requestAnimationFrame), which causes the scene to be re-rendered constantly on every frame:
 
 ```js
 function render() {

files/en-us/games/techniques/control_mechanisms/desktop_with_mouse_and_keyboard/index.md

@@ -71,7 +71,7 @@ function draw() {
 }
 ```
 
-The `draw` function first clears the whole Canvas — we draw everything from scratch on every single frame. Then the pressed key variables are checked and the `playerX` and `playerY` variables (that we define earlier just after `leftPressed` and the others) holding the position of the ship are adjusted by a given amount, let's say 5 pixels. Then the player's ship is drawn on the screen and the next draw is called from within the [requestAnimationFrame](/en-US/docs/Web/API/window/requestAnimationFrame).
+The `draw` function first clears the whole Canvas — we draw everything from scratch on every single frame. Then the pressed key variables are checked and the `playerX` and `playerY` variables (that we define earlier just after `leftPressed` and the others) holding the position of the ship are adjusted by a given amount, let's say 5 pixels. Then the player's ship is drawn on the screen and the next draw is called from within the [requestAnimationFrame](/en-US/docs/Web/API/Window/requestAnimationFrame).
 
 We could write our own `KeyCode` object containing the key codes. For example:
 

files/en-us/glossary/accessibility_tree/index.md

@@ -8,7 +8,7 @@ page-type: glossary-definition
 
 The **accessibility tree** contains {{Glossary("accessibility")}}-related information for most HTML elements.
 
-Browsers convert markup into an internal representation called the _[DOM tree](/en-US/docs/Web/API/Document_object_model/How_to_create_a_DOM_tree)_. The DOM tree contains objects representing all the markup's elements, attributes, and text nodes. Browsers then create an accessibility tree based on the DOM tree, which is used by platform-specific Accessibility APIs to provide a representation that can be understood by assistive technologies, such as screen readers.
+Browsers convert markup into an internal representation called the _[DOM tree](/en-US/docs/Web/API/Document_Object_Model/How_to_create_a_DOM_tree)_. The DOM tree contains objects representing all the markup's elements, attributes, and text nodes. Browsers then create an accessibility tree based on the DOM tree, which is used by platform-specific Accessibility APIs to provide a representation that can be understood by assistive technologies, such as screen readers.
 
 There are four properties in an accessibility tree object:
 

files/en-us/glossary/digital_signature/index.md

@@ -0,0 +1,29 @@
+---
+title: Digital signature
+slug: Glossary/Digital_signature
+page-type: glossary-definition
+---
+
+{{GlossarySidebar}}
+
+A **digital signature** is an object that can be used to {{glossary("authentication", "authenticate")}} the author of a document or message.
+
+Digital signatures are usually based on {{glossary("public-key cryptography")}}, in which a key is created as a pair of keys, with the property that, if some input is encrypted with one key, it can only be decrypted with the other key, and vice versa.
+
+The creator of the key pair makes one of the keys public and keeps the other one private. To sign a document, the key pair's owner creates a {{glossary("hash")}} of the document and encrypts it with the private key.
+
+The document and signature are sent to the verifier, who hashes the document, retrieves the public key, and decrypts the signature: if this matches the hash, then the signature has been verified, and the verifier can be confident that it was created by an entity with access to the private key.
+
+The security of a digital signature system depends (among other things) on:
+
+- The private key's owner keeping it safe: if other entities can access the private key, they can impersonate the owner.
+
+- The public key used by the verifier being the genuine counterpart of the owner's private key: if an attacker could trick the verifier into trusting the wrong public key, they could impersonate the owner.
+
+Verifiers often use {{glossary("digital certificate", "digital certificates")}} to check that public keys are genuine.
+
+## See also
+
+- {{glossary("Digital certificate")}}
+- {{glossary("Hash")}}
+- {{glossary("Public-key cryptography")}}

files/en-us/glossary/federated_identity/index.md

@@ -0,0 +1,30 @@
+---
+title: Federated identity
+slug: Glossary/Federated_identity
+page-type: glossary-definition
+---
+
+{{GlossarySidebar}}
+
+A **federated identity** system is one in which an {{glossary("identity provider", "identity provider (IdP)")}} acts as an intermediary between users and {{glossary("relying party", "relying parties")}}, enabling a user to use a single set of {{glossary("credential", "credentials")}} to authenticate with a number of different relying parties.
+
+Traditionally, on the web, a user will sign into a website with a username and a password, and the password is verified by the website against a (properly {{glossary("hash", "hashed")}} and {{glossary("salt", "salted")}}) copy stored on the website's backend.
+
+In this model, if users have multiple accounts with different websites, they have to remember many passwords, and this encourages bad password practices such as using the same password for multiple accounts.
+
+In a federated identity system, an identity provider:
+
+- manages a user's credentials and can authenticate users
+- is trusted by multiple websites to make assertions about a user's identity.
+
+A user can then authenticate with the identity provider, which will return a token to the user's browser if authentication is successful. The user's browser will send the token to the website, which can verify that it was issued by the IdP. If the verification succeeds, the website can sign the user in.
+
+Federated identity is often provided as a service by corporations: for example, users who have Google, Microsoft, or Facebook accounts can use them to sign in to many websites. Websites typically have to implement a process for verifying tokens that is specific to an identity provider. However, open standards such as [OpenID](https://en.wikipedia.org/wiki/OpenID), [OAuth](https://en.wikipedia.org/wiki/OAuth), and [SAML](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) are widely used in the implementation of federated identity systems.
+
+Although federated identity makes logging into multiple different accounts much easier for users and can greatly improve security, it can have serious implications for a user's privacy. If not carefully designed, a federated identity system can allow identity providers to track users across the web as they sign into multiple different sites. Early federated identity systems on the web were built on technologies such as third-party cookies, which are intrinsically privacy-invasive. As these technologies are being deprecated by browsers, new approaches are needed. The [Federated Credential Management (FedCM) API](/en-US/docs/Web/API/FedCM_API) provides a standardized privacy-preserving mechanism for federated identity on the web.
+
+## See also
+
+- {{glossary("Relying party")}}
+- {{glossary("Identity provider")}}
+- [Federated Credential Management (FedCM) API](/en-US/docs/Web/API/FedCM_API)

files/en-us/glossary/gutters/index.md

@@ -6,11 +6,11 @@ page-type: glossary-definition
 
 {{GlossarySidebar}}
 
-**Gutters** or _alleys_ are spacing between content tracks. These can be created in [CSS Grid Layout](/en-US/docs/Web/CSS/CSS_grid_layout) using the {{cssxref("column-gap")}}, {{cssxref("row-gap")}}, or {{cssxref("gap")}} properties.
+**Gutters** or _alleys_ are spacing between content {{glossary("grid_tracks", "tracks")}}. These can be created in [CSS Grid Layout](/en-US/docs/Web/CSS/CSS_grid_layout) using the {{cssxref("column-gap")}}, {{cssxref("row-gap")}}, or {{cssxref("gap")}} properties.
 
 ## Example
 
-In the example below we have a three-column and two-row track grid, with 20-pixel gaps between column tracks and `20px`-gaps between row tracks.
+In the example below we have a three-column and two-row track grid, with `20px` gaps between both column tracks and row tracks.
 
 ```css hidden
 * {
@@ -60,13 +60,11 @@ The `row-gap` and `column-gap` properties are not the only things that can cause
 
 ## See also
 
-### Property reference
+- [CSS Grid Layout](/en-US/docs/Web/CSS/CSS_grid_layout/Basic_concepts_of_grid_layout)
+- Property reference
 
-- {{cssxref("column-gap")}}
-- {{cssxref("row-gap")}}
-- {{cssxref("gap")}}
+  - {{cssxref("column-gap")}}
+  - {{cssxref("row-gap")}}
+  - {{cssxref("gap")}}
 
-### Further reading
-
-- CSS Grid Layout Guide: _[Basic concepts of grid layout](/en-US/docs/Web/CSS/CSS_grid_layout/Basic_concepts_of_grid_layout)_
-- [Definition of gutters in the CSS Grid Layout specification](https://drafts.csswg.org/css-grid/#gutters)
+- [Definition of gutters](https://drafts.csswg.org/css-grid/#gutters) in the CSS Grid Layout specification

files/en-us/glossary/hmac/index.md

@@ -15,4 +15,4 @@ HMAC is used to ensure both integrity and authentication.
 ## See also
 
 - [HMAC](https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) on Wikipedia
-- [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt) on IETF
+- [RFC 2104](https://datatracker.ietf.org/doc/html/rfc2104) on IETF

files/en-us/glossary/hoisting/index.md

@@ -6,7 +6,7 @@ page-type: glossary-definition
 
 {{GlossarySidebar}}
 
-JavaScript **Hoisting** refers to the process whereby the interpreter appears to move the _declaration_ of functions, variables, classes, or imports to the top of their scope, prior to execution of the code.
+JavaScript **Hoisting** refers to the process whereby the interpreter appears to move the _declaration_ of functions, variables, classes, or imports to the top of their {{glossary("scope")}}, prior to execution of the code.
 
 _Hoisting_ is not a term normatively defined in the ECMAScript specification. The spec does define a group of declarations as [_HoistableDeclaration_](https://tc39.es/ecma262/multipage/ecmascript-language-statements-and-declarations.html#prod-HoistableDeclaration), but this only includes [`function`](/en-US/docs/Web/JavaScript/Reference/Statements/function), [`function*`](/en-US/docs/Web/JavaScript/Reference/Statements/function*), [`async function`](/en-US/docs/Web/JavaScript/Reference/Statements/async_function), and [`async function*`](/en-US/docs/Web/JavaScript/Reference/Statements/async_function*) declarations. Hoisting is often considered a feature of [`var`](/en-US/docs/Web/JavaScript/Reference/Statements/var) declarations as well, although in a different way. In colloquial terms, any of the following behaviors may be regarded as hoisting:
 
@@ -49,7 +49,9 @@ For more information on hoisting, see:
 
 ## See also
 
-- [`var` statement](/en-US/docs/Web/JavaScript/Reference/Statements/var) — MDN
-- [`let` statement](/en-US/docs/Web/JavaScript/Reference/Statements/let) — MDN
-- [`const` statement](/en-US/docs/Web/JavaScript/Reference/Statements/const) — MDN
-- [`function` statement](/en-US/docs/Web/JavaScript/Reference/Statements/function) — MDN
+- [`var` statement](/en-US/docs/Web/JavaScript/Reference/Statements/var)
+- [`let` statement](/en-US/docs/Web/JavaScript/Reference/Statements/let)
+- [`const` statement](/en-US/docs/Web/JavaScript/Reference/Statements/const)
+- [`function` statement](/en-US/docs/Web/JavaScript/Reference/Statements/function)
+- [`class` statement](/en-US/docs/Web/JavaScript/Reference/Statements/class)
+- [`import` statement](/en-US/docs/Web/JavaScript/Reference/Statements/import)

files/en-us/glossary/identity_provider/index.md

@@ -0,0 +1,19 @@
+---
+title: Identity provider (IdP)
+slug: Glossary/Identity_provider
+page-type: glossary-definition
+---
+
+{{GlossarySidebar}}
+
+An **identity provider** (IdP) is an entity in a {{glossary("federated identity")}} system that manages a user's {{glossary("credential", "credentials")}} and can {{glossary("authentication", "authenticate")}} users.
+
+In federated identity systems, {{glossary("relying party", "relying parties")}}, that need to control access to a resource (for example, a website deciding whether to sign a user in) outsource the act of authenticating users to a third party, which they trust to make authentication decisions. These third parties are called identity providers.
+
+Examples of identity providers on the web include Google, Microsoft, and Facebook. This enables websites to allow users to sign in using the user's Google, Microsoft, or Facebook account.
+
+## See also
+
+- {{glossary("Federated identity")}}
+- {{glossary("Relying party")}}
+- [Federated Credential Management (FedCM) API](/en-US/docs/Web/API/FedCM_API)

files/en-us/glossary/relying_party/index.md

@@ -0,0 +1,16 @@
+---
+title: Relying party
+slug: Glossary/Relying_party
+page-type: glossary-definition
+---
+
+{{GlossarySidebar}}
+
+A **relying party** is an entity that needs to control access to a resource and, to do so, needs to {{glossary("authentication", "authenticate")}} other entities that are trying to access that resource. On the web, a relying party is usually a website that allows users to sign in and needs to authenticate users (for example by checking a password) before deciding whether to grant them access.
+
+The website _relies on_ the validity of the credentials the browser presents when it grants access to its resources.
+
+## See also
+
+- {{glossary("Federated identity")}}
+- {{glossary("Identity provider")}}

files/en-us/glossary/salt/index.md

@@ -0,0 +1,25 @@
+---
+title: Salt
+slug: Glossary/Salt
+page-type: glossary-definition
+---
+
+{{GlossarySidebar}}
+
+In cryptography, **salt** is random data added to a password before it is {{glossary("hash", "hashed")}}. This makes it impossible for an attacker to derive passwords from their hashes using precomputed tables of passwords and the corresponding hashes.
+
+Passwords should never be stored in their plaintext form, because of the risk that an attacker might break into the database where they are stored. Typically, the password is hashed, and the resulting hash is stored. If the hash function is cryptographically secure, then even if an attacker can get access to the stored hashes, it is impractical for them to reverse the function.
+
+To derive a password from a hash, attackers can look up the password corresponding to a hash in a precomputed table (also known as a [rainbow table](https://en.wikipedia.org/wiki/Rainbow_table)) mapping possible passwords to their hashes:
+
+| Password | Hash        |
+| -------- | ----------- |
+| pa55w0rd | 56965E2A... |
+| abcdef   | BEF57EC7... |
+| letmein  | 1C8BFE8F... |
+
+Although these tables may be very large, such attacks can be effective because table lookup is a fast operation.
+
+Adding random salt to passwords before hashing them stops this attack from working because the hash is not calculated based on the password alone but on the password combined with the salt.
+
+Unlike the password, the salt does not need to be kept secret: it can be stored alongside the salted and hashed password in the server's database.

files/en-us/glossary/stringifier/index.md

@@ -10,4 +10,4 @@ An {{Glossary("object", "object's")}} stringifier is any {{Glossary("attribute")
 
 ## See also
 
-- Stringifiers in [Information contained in a WebIDL file](/en-US/docs/MDN/Writing_guidelines/Howto/Write_an_API_reference/Information_contained_in_a_WebIDL_file#stringifiers)
+- Stringifiers in [Information contained in a WebIDL file](/en-US/docs/MDN/Writing_guidelines/Howto/Write_an_api_reference/Information_contained_in_a_WebIDL_file#stringifiers)

files/en-us/glossary/turn/index.md

@@ -12,5 +12,5 @@ page-type: glossary-definition
 
 - [TURN](https://en.wikipedia.org/wiki/TURN) on Wikipedia
 - [WebRTC protocols](/en-US/docs/Web/API/WebRTC_API/Protocols)
-- [Specification](https://www.ietf.org/rfc/rfc5766.txt)
-- [Specification update for IPv6](https://www.ietf.org/rfc/rfc6156.txt)
+- [Specification](https://datatracker.ietf.org/doc/html/rfc5766)
+- [Specification update for IPv6](https://datatracker.ietf.org/doc/html/rfc6156.txt)

files/en-us/glossary/urn/index.md

@@ -6,7 +6,7 @@ page-type: glossary-definition
 
 {{GlossarySidebar}}
 
-URN (Uniform Resource Name) is a {{Glossary("URI")}} in a standard format, referring to a resource without specifying its location or whether it exists. This example comes from [RFC3986](https://www.ietf.org/rfc/rfc3986.txt): `urn:oasis:names:specification:docbook:dtd:xml:4.1.2`
+URN (Uniform Resource Name) is a {{Glossary("URI")}} in a standard format, referring to a resource without specifying its location or whether it exists. This example comes from [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986): `urn:oasis:names:specification:docbook:dtd:xml:4.1.2`
 
 ## See also