On Fri, Apr 19, 2024 at 9:52 AM Yao Xiao <yao...@chromium.org> wrote:
> *Contact emails* > cam...@chromium.org > jkar...@chromium.org > yao...@chromium.org > rohitgu...@google.com > ashame...@google.com > > *Explainer* > https://github.com/WICG/shared-storage > > *Specification* > https://wicg.github.io/shared-storage/ > > *Additional anticipated specification changes* > https://github.com/WICG/shared-storage/pull/152 > > *Blink component* > Blink>Storage>SharedStorage > <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2> > > *Summary:* > We plan to ship the following changes to the Shared Storage API: > > - selectURL() and run() will be exposed on the SharedStorageWorklet > interface. When calling on the default scoped worklet (i.e. > sharedStorage.worklet.selectURL()/run()), the behavior is equivalent to > calling sharedStorage.selectURL()/run(). > - Users can create new worklets via const worklet = await > sharedStorage.createWorklet(url, options). This API can be used to start > multiple and potentially cross-origin worklets from a single document. > > Hi, is it correct to say that these changes are purely ergonomic and don't expose any new capabilities? > > > *Risks* > *Interoperability and Compatibility* > The changes are fully backward compatible. > > Gecko: No signal > WebKit: No signal > Web developers: No signals > Other signals: > > *WebView application risks* > > *Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications?*None > > *Security* > Because the worklet's context origin will be that of the origin of the > script URL, both "Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" and CORS > are required when fetching a x-origin worklet script. Even so, it is > important that worklet script creators understand the implications of this. > Their worklet, which accesses their origin's Shared Storage data, can be > loaded and executed by a different party. > > *Privacy* > In the case of creating or using a cross-origin worklet, if the worklet > cannot be created because the user has denied storage for that site, then > the promise will resolve (rather than reject) to prevent leaking cross-site > data. A caller may still use timing attacks to know this information, but > this is a minor privacy issue, as in reality very few users would set such > preferences, and doing a wide search would incur a significant performance > cost spinning up the worklets. > > *Debuggability* > > - Shared Storage database contents for an origin can be viewed and > modified within DevTools. > - Shared Storage worklet can be inspected within DevTools. > > > *Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)?* > All but WebView > > *Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* > Yes > > *Finch feature name* > SharedStorageAPIM125 > > *Requires code in //chrome?* > No > > *Estimated milestones* > We intend to ship in M125. > > *Link to entry on the Chrome Platform Status* > https://chromestatus.com/feature/5145686840705024 > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_cs5OWxyw-chqDQpxM4MOQfggrPv1jSkxQiwXoeAGR8A%40mail.gmail.com.
