Agreed with clarification. Declarative text/css stylesheets not
restricted. Imperative new APIs (like Houdini APIs) should be
restricted to secure contexts by default. Thanks, Tantek
On Fri, Oct 18, 2019 at 4:53 PM Daniel Veditz wrote:
>
> On Fri, Oct 18, 2019 at 4:27 PM Tantek Çelik wrote:
>>
>
On Fri, Oct 18, 2019 at 4:27 PM Tantek Çelik wrote:
> Based on your reasoning, and our consistent intent emails and shipping
> behavior, I think we should consider updating the blog post on this
> matter regarding all CSS features (cc: annevk), or posting a separate
> update post accordingly, usi
Thanks Dan. I concur with the priorities, impacts, and conclusions
you've outlined.
In practice I believe 100% of the CSS features we have shipped (Intent
to Implement/Ship emails) in the past year+ have been exposed to
insecure contexts.
Based on your reasoning, and our consistent intent emails
This is a great summary, and reflects a ton of hard work over the past year
to improve our mobile testing story and reduce our CI spend. Thanks gbrown
and everyone else who helped make it happen!
On Fri, Oct 18, 2019 at 11:52 AM Geoffrey Brown wrote:
> The Android test environments used for cont
The Android test environments used for continuous integration have been
through many changes over the last year or two; here's a review of what we
have today. [1]
Most of our Android tests run on emulators. Some run on hardware: real
phones.
Our Android hardware tests run on physical devices -- M
>From my (personal) security-team perspective this is a fine pragmatic
approach. Our overriding primary concern is whether exposing these new CSS
features over insecure transport puts our users at additional risk. I don't
see any meaningful privacy exposure here since these new features will be
in
Hi,
Another quick update: Emilio, Navid, Nick, Stefan and I met today and
discussed which issues are important to fix and why. We now have a list of
spec issues, and WPT tests to fix that are Chromium bugs, that should
substantially improve interop. Nick and Stefan will take on the work to fix
the
Summary:
This feature allows developers to create weak references to JavaScript objects.
Finalizers are also provided that allow developers to perform actions when an
object is garbage collected, without keeping that object alive.
This is an advanced feature that is not expected to be widely u
On Thursday, 17 October 2019 15:31:50 UTC+2, Matthew N. wrote:
> On 2019-10-16 7:15 a.m., Paul Zühlcke wrote:
> > I plan to land a patch next week which will disable OriginAttribute
> > stripping in the permission manager. This will result in private browsing
> > windows and containers having isol
Hi folks,
I’m planning to remove nsStackFrame in bug 1576946 [0]. This is part of a
larger effort to make the browser stop using XUL layouts and align on more
standard CSS layouts such as CSS grid or flexbox instead. The removal is
targeted for Firefox 72.
The removal includes these two non web-e
10 matches
Mail list logo
