22 Sep 2021
@jakea:matrix.org Jake Archibald Ta! 13:07:35
@annevk:mozilla.org annevk Yeah exactly. Still not quite arbitrary bytes so maybe we should have drawn a harder line there. In the early days of CORS this didn't get as much consideration as it probably should have. 13:08:24
@andreubotella:mozilla.org Andreu Botella (he/they) text/plain form payloads are /^.*=.*\r\n$/, which IMO doesn't merit a harder line 13:15:02
@annevk:mozilla.org annevk Fair, you can do a lot with ASCII. 😊 13:19:16
Domenic: you didn't weigh in yet, but are you okay with merging credentialless with the added warning?
Yeah for sure. One option I was thinking of is that we could mandate that "concrete" COI is not used with credentialless without PNA/ORB, but I'm on the fence there.
23 Sep 2021
@ahmadajmi:matrix.org Ahmad Ajmi joined the room. 02:23:58
@annevk:mozilla.org annevk Luca Casonato: did you see https://github.com/heycam/webidl/pull/526? I'm somewhat curious what Deno/Node.js make out of ShadowRealms and the additional "non"-JS globals to be exposed therein 07:08:14
@lucacasonato:matrix.org Luca Casonato Going to be a pain to implement I imagine (still not 100% clear on the scope of globals available in ShadowRealms). Generally seems fine though 07:40:02
@ms2ger:igalia.com Ms2ger 💉💉 Nobody's clear on the scope right now :) 07:40:27
@lucacasonato:matrix.org Luca Casonato Ah good, not just me then 😅 07:40:47
@usharma:igalia.com ryzokuken changed their display name from ryzokuken (back on 23rd) to ryzokuken. 08:02:07
@annevk:mozilla.org annevk sideshowbarker: happy b-day 🎂 \o/ 08:09:08
sideshowbarker: happy b-day 🎂 \o/
Thanks 🥳
@ms2ger:igalia.com Ms2ger 💉💉 🎉 08:13:51
@lucacasonato:matrix.org Luca Casonato Happy birthday! 08:15:31
@jakea:matrix.org Jake Archibald Yay happy birthday sideshowbarker! 11:50:26
@jakea:matrix.org Jake Archibald annevk: Why do we disallow isolated pages from postMessageing non-isolated pages? I don't see the security issue, since the same stuff can be laundered through storage 11:52:47
@annevk:mozilla.org annevk Jake Archibald: it's not disallowed per se, but you cannot get hold of a WindowProxy across that boundary 11:57:14
@jakea:matrix.org Jake Archibald

annevk: Ahh, so it's just a side-effect of disconnecting the proxy? So BroadcastChannel still works between isolated and non-isolated pages?

Sorry, I'm trying to figure out how the reporting side of this works and I'm finding the spec quite dense 😄

@annevk:mozilla.org annevk Jake Archibald: closing the browsing context, yes; BC ought to work, like storage it only uses origins; postMessage with service/shared workers would work too (although you cannot always get SAB across of course) 12:01:30
@ms2ger:igalia.com Ms2ger 💉💉 BC is a dangerous acronym in this context 12:01:54
@jakea:matrix.org Jake Archibald hah 12:02:01
@jakea:matrix.org Jake Archibald cross-BC BC 12:02:26
@annevk:mozilla.org annevk I don't understand how Chrome shipped EyeDropper and nobody seemingly looked at the open issues with the spec. And it seems the TAG mainly focused on API shape and not security... 12:05:00
@annevk:mozilla.org annevk Ah, I guess some of those issues were opened after it was already approved... 12:09:10
@jakea:matrix.org Jake Archibald annevk I'm struggling to figure out step 2 of https://html.spec.whatwg.org/multipage/origin.html#check-browsing-context-group-switch-coop-value. What is it allowing? An isolated page to create a popup to a non-isolated page? 16:43:03
@annevk:mozilla.org annevk Jake Archibald: that's more about COOP and not COOP+COEP 16:51:13
@annevk:mozilla.org annevk Jake Archibald: if you have COOP but allow popups, this ensures no replacement happens for the popup, unless the popup itself has a COOP 16:52:04
@jakea:matrix.org Jake Archibald Taaaa 16:52:36
@jakea:matrix.org Jake Archibald annevk really appreciate all the help with this 16:53:02

