Re: [blink-dev] Intent to Prototype: Web Translation API

2024-04-30 Thread 'Daniel Vogelheim' via blink-dev
Hi Domenic, et al., This intent came up in the OWP sec review today. We wonder whether there's XSS potential, and how input with plain text interspersed with tags is meant to be handled: Several of the use cases seem to hint at the input being HTML strings (e.g. "pages with complicated DOM"). If

Re: [blink-dev] Intent to Ship: Document rules, response header, eagerness

2023-11-17 Thread 'Daniel Vogelheim' via blink-dev
Hi Jeremy, On Thu, Nov 16, 2023 at 12:33 AM Jeremy Roman wrote: > (3) Currently developers can only specify speculation rules using inline > script tags. The proposed feature provides an alternative through the > "Speculation-Rules" header. Its value must be a URL to a text resource with >

Re: [blink-dev] Re: Intent to Deprecate: Remove "Sanitizer API MVP"

2023-11-02 Thread 'Daniel Vogelheim' via blink-dev
multaneously vs. removing the old one prior to shipping the new one? >>>> >>>> Is this >>>> <https://chromestatus.com/metrics/feature/timeline/popularity/3814> >>>> the right graph for the Sanitizer API UseCounter? Other than a temporary

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-10-24 Thread 'Daniel Vogelheim' via blink-dev
2, the carveout for fetch()-initiated requests. The previously reported metric counted ORB-related blocks across all page-initiated responses, regardless of whether it might be script-visible or not. Daniel On Fri, Aug 11, 2023 at 2:50 AM 'Daniel Vogelheim' via blink-dev < > blink-de

Re: [blink-dev] Intent to Ship: Fenced Frames - Functionality Updates

2023-08-28 Thread 'Daniel Vogelheim' via blink-dev
Hi Liam, This intent has come up in the OWP security triage, and I'm trying to figure out whether there's XSS potential in the 3rd sub-feature, "Creative macros in FFAR". This looks like a string-based pattern replacement where the result string will then be parsed by the browser. Similar things

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-08-22 Thread 'Daniel Vogelheim' via blink-dev
On Tue, Aug 22, 2023 at 5:02 PM Dominic Farolino wrote: > It looks like the spec PR here has been dormant for something like ~9 >> months. Are there any plans to help drive it to the finish line, >> especially given the TODOs listed in the OP? How should we all think about >> whatever work might

Re: [blink-dev] Re: Intent to Deprecate: Remove "Sanitizer API MVP"

2023-08-21 Thread 'Daniel Vogelheim' via blink-dev
Hi Luke & Thomas, On Wed, Aug 16, 2023 at 12:49 PM Thomas Steiner wrote: > Adding in Jack as the author of the mentioned article at > https://web.dev/sanitizer/. It might be worthwhile to add a big red > warning aside. > > On Tue, Aug 15, 2023, 23:37 Luke wrote: > >> Just to chime in here. If

Re: [blink-dev] Re: Intent to Deprecate: Remove "Sanitizer API MVP"

2023-08-21 Thread 'Daniel Vogelheim' via blink-dev
> On Fri, Aug 11, 2023 at 7:45 AM 'Daniel Vogelheim' via blink-dev < > blink-dev@chromium.org> wrote: > >> Hi Alex, >> >> On Mon, Aug 7, 2023 at 8:13 PM Alex Russell >> wrote: >> >>> Hey Daniel, >>> >>> Hrm, this is

[blink-dev] Re: Intent to Deprecate: Remove "Sanitizer API MVP"

2023-08-11 Thread 'Daniel Vogelheim' via blink-dev
Hi Alex, On Mon, Aug 7, 2023 at 8:13 PM Alex Russell wrote: > Hey Daniel, > > Hrm, this isn't how things are supposed to work. > > The API OWNERS set a high bar to ship exactly to prevent this sort of > bikeshedding after shipping. Is it possible to make compatible additions > instead? > I

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-08-11 Thread 'Daniel Vogelheim' via blink-dev
>> >>>> On Mon, Jul 24, 2023 at 5:55 PM Yoav Weiss >>>> wrote: >>>> >>>>> On Mon, Jul 24, 2023 at 5:44 PM Daniel Vogelheim >>>>> wrote: >>>>> >>>>>> On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss >>

[blink-dev] Intent to Deprecate: Remove "Sanitizer API MVP"

2023-08-07 Thread 'Daniel Vogelheim' via blink-dev
Contact emails vogelh...@chromium.org Explainer - Old explainer, API as implemented in "MVP" since M105: https://github.com/WICG/sanitizer-api/blob/e72b56b361a31b722b4e14491a83e2d25943ba58/explainer.md - New explainer, still in progress, API that we expect to implement eventually:

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-07-25 Thread 'Daniel Vogelheim' via blink-dev
> On Tue, Jul 25, 2023 at 3:10 AM Yoav Weiss >> wrote: >> >>> >>> >>> On Mon, Jul 24, 2023 at 7:27 PM Daniel Vogelheim >>> wrote: >>> >>>> On Mon, Jul 24, 2023 at 5:55 PM Yoav Weiss >>>> wrote:

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-07-25 Thread 'Daniel Vogelheim' via blink-dev
>> >>>> On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss >>>> wrote: >>>> >>>>> On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev < >>>>> blink-dev@chromium.org> wrote: >>>>> >>>>>>

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-07-24 Thread 'Daniel Vogelheim' via blink-dev
On Mon, Jul 24, 2023 at 5:55 PM Yoav Weiss wrote: > On Mon, Jul 24, 2023 at 5:44 PM Daniel Vogelheim > wrote: > >> On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss >> wrote: >> >>> On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev < >>>

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-07-24 Thread 'Daniel Vogelheim' via blink-dev
On Mon, Jul 24, 2023 at 5:24 PM Yoav Weiss wrote: > On Fri, Jul 21, 2023 at 5:53 PM 'Daniel Vogelheim' via blink-dev < > blink-dev@chromium.org> wrote: > >> Contact emails vogelh...@chromium.org >> >> Specification https://github.com/whatwg/fetch/pull/1442 >

[blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.2

2023-07-21 Thread 'Daniel Vogelheim' via blink-dev
Contact emails vogelh...@chromium.org Specification https://github.com/whatwg/fetch/pull/1442 Summary Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2023-05-26 Thread 'Daniel Vogelheim' via blink-dev
f >>>>>> this difficult deprecation and what it means for web developers, this >>>>>> blog >>>>>> post is a good summary >>>>>> <https://developer.chrome.com/blog/immutable-document-domain/>. One >>>>>>

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2023-03-31 Thread 'Daniel Vogelheim' via blink-dev
thing it doesn't mention, but probably should, is that the >>>>> OriginAgentClusterDefaultEnabled >>>>> enterprise policy >>>>> <https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled> >>>>> can also be

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2023-01-13 Thread 'Daniel Vogelheim' via blink-dev
ut for M110, once it hits stable. >>> >>> On Wed, Nov 9, 2022 at 7:05 PM Daniel Vogelheim >>> wrote: >>> >>>> On Wed, Nov 9, 2022 at 6:10 PM Mike Taylor >>>> wrote: >>>> >>>>> On 10/27/22 11:49 PM, 'Dani

[blink-dev] Re: Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2022-12-14 Thread 'Daniel Vogelheim' via blink-dev
Hello Yaseen, Sorry for not getting back earlier. On Mon, Dec 5, 2022 at 10:05 AM Yaseen Khan wrote: > Activation - Deprecation plan > M109: Enable "Origin Agent Cluster by Default" for 50% of page loads on > beta, dev, and canary. > --- As a developer, do I need to set "Origin-Agent-Cluster:

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2022-12-14 Thread 'Daniel Vogelheim' via blink-dev
o roll this out to 50% of Beta/Dev/Canary for either M108 or M109, >> and carefully roll this out for M110, once it hits stable. >> >> On Wed, Nov 9, 2022 at 7:05 PM Daniel Vogelheim >> wrote: >> >>> On Wed, Nov 9, 2022 at 6:10 PM Mike Taylor >>>

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2022-11-09 Thread 'Daniel Vogelheim' via blink-dev
On Wed, Nov 9, 2022 at 6:10 PM Mike Taylor wrote: > On 10/27/22 11:49 PM, 'Daniel Vogelheim' via blink-dev wrote: > > Hello all, > > The approval for the Intent To Ship for Origin Isolation By Default / > Deprecate document.domain > <https://groups.google.com/a/ch

[blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain on stable

2022-10-27 Thread 'Daniel Vogelheim' via blink-dev
Hello all, The approval for the Intent To Ship for Origin Isolation By Default / Deprecate document.domain asks for a separate intent for the actual default change

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-10-27 Thread 'Daniel Vogelheim' via blink-dev
Thanks. The link just leads me to an info page about Github code search. But regardless: The difficulty with this particular feature is that the "API" has two parts: First, setting document.domain (possibly on main page and frame), and then later making a cross-origin access that will succeed

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-10-27 Thread 'Daniel Vogelheim' via blink-dev
On Wed, Oct 26, 2022 at 3:09 PM Yoav Weiss wrote: > Thanks for doing that work, Daniel! > > 0.015% effective breakage is way better than 0.25%, but it's still ~5x > higher than what we're typically comfortable with. > I'm wondering if folks have creative ideas on the outreach front - +Andre >

Re: [blink-dev] Intent to Implement and Ship: Trusted Types fromLiteral

2022-10-25 Thread 'Daniel Vogelheim' via blink-dev
>>>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: >>>> >>>>> >>>>> >>>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >>>>> wrote: >>>>> >>>>>

Re: [blink-dev] Intent to Implement and Ship: Trusted Types fromLiteral

2022-10-25 Thread 'Daniel Vogelheim' via blink-dev
update :) >>> >>> On Thursday, October 6, 2022 at 7:19:20 PM UTC+2 Jun Kokatsu wrote: >>> >>>> >>>> >>>> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >>>> wrote: >>>> >>>>> On

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-10-21 Thread 'Daniel Vogelheim' via blink-dev
On Wed, Oct 19, 2022 at 5:23 AM Yoav Weiss wrote: > Thanks for the detailed report!! > > It's great that we've managed to bring the usage down, but 0.25% is still > too high for my comfort levels. > Taking a manual survey of the major users seems like the right approach. I > wonder if you could,

Re: [blink-dev] Intent to Implement and Ship: Trusted Types fromLiteral

2022-10-21 Thread 'Daniel Vogelheim' via blink-dev
PM UTC+2 Jun Kokatsu wrote: > >> >> >> On Wednesday, October 5, 2022 at 2:52:59 AM UTC-7 yoav...@chromium.org >> wrote: >> >>> On Thu, Sep 29, 2022 at 4:34 PM 'Daniel Vogelheim' via blink-dev < >>> blin...@chromium.org> wrote: >>>

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-10-17 Thread 'Daniel Vogelheim' via blink-dev
Hello all, It's been a while and 109 is coming up. As I'm preparing the intent-to-ship for 109, I'd like to post an update on how the deprecation is going: Current usage: Since announcing the deprecation, usage of document.domain-enabled accesses have dropped by about 50%. - Feature stats:

Re: [blink-dev] Re: Intent to Implement and Ship: Trusted Types fromLiteral

2022-10-06 Thread 'Daniel Vogelheim' via blink-dev
Hi Rick, On Tue, Oct 4, 2022 at 5:40 PM Rick Byers wrote: > This seems like a pretty minor and uncontroversial extension to trusted > types to me. But it also seems like a good time to just check-in on the > state of discussion around TrustedTypes with other vendors. > Our most recent

[blink-dev] Intent to Implement and Ship: Trusted Types fromLiteral

2022-09-29 Thread 'Daniel Vogelheim' via blink-dev
Contact emails vogelh...@chromium.org Specification https://w3c.github.io/trusted-types/dist/spec/#trusted-html Summary Add a function to each "Trusted Type" to create an instance from a JavaScript template literal (but not from a dynamically computed string). This makes it easy to mark literals

Re: [blink-dev] Re: Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-07-14 Thread 'Daniel Vogelheim' via blink-dev
Hello Yaseen, On Thu, Jul 14, 2022 at 8:13 AM Yaseen Khan wrote: > Hi Daniel, > > Thanks for your quick update. Here is the below different deprecated > warning message in M100 to M102 and M103. > > *M100/M101/M102:* > Relaxing the same-origin policy by setting "document.domain" is >

Re: [blink-dev] Re: Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-07-13 Thread 'Daniel Vogelheim' via blink-dev
Hello Yaseen, On Wed, Jul 13, 2022 at 2:47 PM Yaseen Khan wrote: > Hi Team, > > Earlier chromium browser was displaying an error message as > *document.domain* is going to be deprecated in *M106*. Now I can not see > this message and in some blogs postpone to *M109*. Could you confirm on > this -

Re: [blink-dev] Intent to Ship: Opaque Response Blocking (ORB, aka CORB++) v0.1

2022-06-09 Thread 'Daniel Vogelheim' via blink-dev
On Wed, Jun 8, 2022 at 9:45 AM Yoav Weiss wrote: > I talked to Daniel Vogelheim about this and we agreed that the best way to > document this intermediary, Chromium-only state is with in-tree > documentation, which Daniel is working on. It landed here:

Re: [blink-dev] Intent to Ship: Sanitizer API MVP

2022-06-01 Thread 'Daniel Vogelheim' via blink-dev
On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss wrote: > > > On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim > wrote: > >> Contact emails vogelh...@chromium.org, mk...@chromium.org, >> l...@chromium.org >> >> Explainer https://github.com/WICG/sanitizer-api >> https://web.dev/sanitizer >> >>

[blink-dev] Re: Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-05-23 Thread 'Daniel Vogelheim' via blink-dev
On Mon, May 2, 2022 at 8:38 PM Jerilyn D. wrote: > Are there any future plans on eventually not honoring the > Origin-Agent-Cluster: > ?0 to allow setting document.domain ? Or will this header always be honored > ? > There is no plan for dropping the Origin-Agent-Cluster header, or the

Re: [blink-dev] Re: Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-05-23 Thread 'Daniel Vogelheim' via blink-dev
Thanks all for the feedback. Update(s): - The warnings are live, for about two weeks now. Usage is trending down, but slowly. - I'd like to postpone flipping the default to M109, as requested (here, and offline). The existing caveats - particularly a new intent, as requested by Yoav upthread -

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-03-10 Thread 'Daniel Vogelheim' via blink-dev
On Thu, Mar 10, 2022 at 12:49 AM PhistucK wrote: > Just chiming in to say that Cypress apparently relies on setting > document.domain for its "test across the same-site" feature. > https://docs.cypress.io/guides/references/trade-offs#Same-origin > Thank you. This is a different use-case from

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-02-25 Thread 'Daniel Vogelheim' via blink-dev
Hi Noah, Support for the cross-origin access warning landed this week, but unfortunately only after the M100 branch cut. So this will first appear in M101. If you're willing to build Chromium from tip-of-tree, you should be able to try it out now. Daniel On Fri, Feb 25, 2022 at 5:31 PM Noah

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-02-14 Thread 'Daniel Vogelheim' via blink-dev
Hi all, just a brief update: - The warning should go live on M100. - Flipping the default is planned for M106 but there'll be a separate intent (and thus additional discussion), as requested. - A deprecation warning for cross-domain access

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-24 Thread 'Daniel Vogelheim' via blink-dev
Hi again, On Mon, Jan 24, 2022 at 5:22 PM Daniel Vogelheim wrote: > Hi Noah, > > On Thu, Jan 20, 2022 at 8:11 PM Noah Lemen wrote: > >> At Meta (formerly known as Facebook) we have a fair amount of >> dependencies on domain lowering via document.domain. We've discussed this >> internally, and

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-24 Thread 'Daniel Vogelheim' via blink-dev
>>>>>>> - UKM and outreach to specific large users of the API can maybe >>>>>>>>help drive the usage down. >>>>>>>>- A deprecation period of 3 milestones feels a bit short here. >>>>>>>>Is the exp

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-24 Thread 'Daniel Vogelheim' via blink-dev
On Sun, Jan 23, 2022 at 7:47 PM Daniel Bratell wrote: > Maybe it's wrong to call it "removal" too, since it will still be > available for those sites that use site-keyed clusters. It's just making > site-keyed clusters opt-in instead of opt-out. It's not going away, but it > will require an

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-24 Thread 'Daniel Vogelheim' via blink-dev
On Fri, Jan 21, 2022 at 11:04 PM Chris Harrelson wrote: > On Thu, Jan 20, 2022 at 11:11 AM Noah Lemen wrote: > >> At Meta (formerly known as Facebook) we have a fair amount of >> dependencies on domain lowering via document.domain. We've discussed this >> internally, and feel that the most

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-24 Thread 'Daniel Vogelheim' via blink-dev
>- A deprecation period of 3 milestones feels a bit short here. >>>>>>>Is the expectation that turning on the opt-out header can be done >>>>>>> under >>>>>>>that period? >>>>>>>- A report-only mode could have

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-14 Thread 'Daniel Vogelheim' via blink-dev
eports (thanks for adding those!) instead during the >>>>deprecation period, which can be considered an on-by-default report-only >>>>mode. Can y'all add specific guidance on deprecation reports to the >>>> documentation? >>>>-

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-14 Thread 'Daniel Vogelheim' via blink-dev
On Thu, Jan 13, 2022 at 11:32 PM Brandon Heenan wrote: > > This probably requires an Enterprise Policy, to reduce the risk for > managed installs. +bheenan@ for opinions on that front. > > I agree, this looks like a breaking change according to > go/chrome-enterprise-friendly and therefore needs

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2022-01-14 Thread 'Daniel Vogelheim' via blink-dev
Hi all, Hi Yoav, Thanks for the feedback. I'd like to modify the intent timeline as follows: M99: Start showing a deprecation warning. M99-105: Watch use counters + outreach to top-N users. M105: Deprecate the feature by default. Enabling/disabling will be via Finch, so we have an emergency

Re: [blink-dev] Intent to Ship: Origin Isolation By Default / Deprecate document.domain

2021-12-16 Thread 'Daniel Vogelheim' via blink-dev
On Tue, Dec 14, 2021 at 11:51 PM Mike Taylor wrote: > On 12/14/21 11:35 AM, Daniel Bratell wrote: > > It seems more or less everyone agrees on this being a good thing, so it > mainly comes down to web compatibility. > > How much of the web will break, and how badly. The numbers mentioned, 0.5% >