Re: clipboard events
The sanitization algorithm needs to consider
Web workers: synchronously handling events
Havn't been able to find this in the spec: is there a way to allow processing messages synchronously during a number-crunching worker thread? A typical use case is a CPU-intensive task that needs to be aborted due to user action. For example, it might take 250ms to run a search on a local database. This can be triggered on each keystroke, updating as the user types. If the user enters another letter into the text field before the previous search completes, that search may no longer be needed; the running task should be cancelled so it can start on the new text. However, if a "cancel" message is sent to the thread, it won't receive it until it returns from the work it's doing. Creating a cancellation message port to run periodically would deal with this nicely, where a port.dispatch() function would dispatch the first waiting event that came from that port, if any: var cancelling = false; cancellation_port.onmessage = function(event) { cancelling = true; } while(!finished && !cancelling) { if(cancellation_port.dispatch()) continue; /* if a message was received, cancelling may have been modified */ /* do work */ } Terminating the whole worker thread is the blunt way to do it; that's no good since it requires starting a new thread for every keystroke, and there may be significant startup costs (eg. loading search data). The only way I know to do this currently is to return periodically to allow events to run, and to resume the work with setTimeout(f, 1). That's ugly and requires writing algorithms in a specific, inconvenient way that shouldn't be required in a thread. Browsers clamping timeouts to a minimum of 5-10ms also breaks this approach; hopefully they won't do that from worker threads, but I have a feeling they will. I'd hate to be stuck with ugly messaging hacks to achieve this, eg. having to use other mechanisms not meant for cross-thread messaging, like a database. Am I missing something in the API? -- Glenn Maynard
Re: clipboard events
This would be really nice. After a very quick read-through, here are three first reactions: - this seems to support the insertion in the clipboard's data of other types than what is currently commonly supported by browsers and the minimum quoted there; this is good and important. I think, for example, that such data as the iCal format would fit very well and be very useful here. Probably RDF/XML and PDF would be safe as well. I don't know how a format could enter the arena of "safe" (or "sanitized") formats... maybe that should be included in media-types registration... - there is a sanitization process for HTML whose basis is described. Vey useful. I can't unfortunately answer if it prevents against attacks, it seems so. Allow me to request, however, that you include all children of HTML5, i.e. also MathML and SVG. - the sanitization process seems to forget the embedded images that need to be... "embedded" within the clipboard (as data: attribute-values maybe). This is the biggest risk of transferring any HTML or XML based formats, to my taste, after the script elements, and it includes also the call to any "related material" (DTDs, imported OWL ontologies, ...). Le 23 déc. 2010 à 16:35, Hallvord R. M. Steen a écrit : > looking at what Opera needs to support I drafted a specish text for clipboard > events. Something for this WG? > > -- > Hallvord R. M. Steen, Core Tester, Opera Software > http://www.opera.com http://my.opera.com/hallvors/ Could I also request that Opera considers the chapter 6 of MathML which specifies a pure-markup-based method to indicate alternate clipboard formats? thanks in advance paul
Re: clipboard events
This would be really nice. After a very quick read-through, here are three first reactions: - this seems to support the insertion in the clipboard's data of other types than what is currently commonly supported by browsers and the minimum quoted there; this is good and important. I think, for example, that such data as the iCal format would fit very well and be very useful here. Probably RDF/XML and PDF would be safe as well. I don't know how a format could enter the arena of "safe" (or "sanitized") formats... maybe that should be included in media-types registration... - there is a sanitization process for HTML whose basis is described. Vey useful. I can't unfortunately answer if it prevents against attacks, it seems so. Allow me to request, however, that you include consideration for all children of HTML5, i.e. also MathML and SVG within the process. - the sanitization process seems to forget the embedded images that need to be... "embedded" within the clipboard (as data: attribute-values maybe?). This is the biggest risk of transferring any HTML or XML based formats, to my taste, after the script elements, and it includes also the "call" to any "related material" (DTDs, imported OWL ontologies, CSS stylesheets, ...). Le 23 déc. 2010 à 16:35, Hallvord R. M. Steen a écrit : > looking at what Opera needs to support I drafted a specish text for clipboard > events. Something for this WG? > > -- > Hallvord R. M. Steen, Core Tester, Opera Software > http://www.opera.com http://my.opera.com/hallvors/ Could I also request that Opera considers the chapter 6 of MathML which specifies a pure-markup-based method to indicate alternate clipboard formats? thanks in advance paul
Re: [Bug 11606] New: wanted: awareness of non-persistent web storage
This made me wonder about this: > When support for a feature is disabled (e.g. as an emergency measure to > mitigate a security problem, or to aid in development, or for performance > reasons), user agents must act as if they had no support for the feature > whatsoever, and as if the feature was not mentioned in this specification. > For example, if a particular feature is accessed via an attribute in a Web > IDL interface, the attribute itself would be omitted from the objects that > implement that interface — leaving the attribute on the object but making it > return null or throw an exception is insufficient. vs. this: 4.3 > 1. The user agent may throw a SECURITY_ERR exception instead of returning a > Storage object if the request violates a policy decision (e.g. if the user > agent is configured to not allow the page to persist data). If localStorage is disabled due to user configuration, which rule applies? The former (remove the feature entirely) is much better for me as a developer. I've already had to write code to test putting data in localStorage and see if it throws an exception, on top of simply saying "'localStorage' in window". On Sun, Dec 26, 2010 at 11:58 AM, wrote: > http://www.w3.org/Bugs/Public/show_bug.cgi?id=11606 > > Summary: wanted: awareness of non-persistent web storage > Product: WebAppsWG > Version: unspecified > Platform: All > OS/Version: All > Status: NEW > Severity: enhancement > Priority: P2 > Component: Web Storage (editor: Ian Hickson) > AssignedTo: i...@hixie.ch > ReportedBy: w3@mukesh.agrawals.org > QAContact: member-webapi-...@w3.org > CC: i...@hixie.ch, m...@w3.org, public-webapps@w3.org > > > Both Firefox and Chrome offer users privacy features which will cause Web > Storage to be non-persistent across browser restart. For example Firefox has a > "Never remember history" option, and Chrome has a "clear cookies and other > data > when I close my browser" option. > > For an application developer, it would be helpful to know when such features > have been enabled, so that the application can inform the user, assist in > troubleshooting, or disable features that depend on persistent storage. > > -- > Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email > --- You are receiving this mail because: --- > You are on the CC list for the bug. > > -- Glenn Maynard
[Bug 11606] New: wanted: awareness of non-persistent web storage
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11606 Summary: wanted: awareness of non-persistent web storage Product: WebAppsWG Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Web Storage (editor: Ian Hickson) AssignedTo: i...@hixie.ch ReportedBy: w3@mukesh.agrawals.org QAContact: member-webapi-...@w3.org CC: i...@hixie.ch, m...@w3.org, public-webapps@w3.org Both Firefox and Chrome offer users privacy features which will cause Web Storage to be non-persistent across browser restart. For example Firefox has a "Never remember history" option, and Chrome has a "clear cookies and other data when I close my browser" option. For an application developer, it would be helpful to know when such features have been enabled, so that the application can inform the user, assist in troubleshooting, or disable features that depend on persistent storage. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug.