On 4/19/24 12:52 PM, Yao Xiao wrote:
*Contact emails*
cam...@chromium.org
jkar...@chromium.org
yao...@chromium.org
rohitgu...@google.com
ashame...@google.com
*Explainer*
https://github.com/WICG/shared-storage
Would it be possible to write a paragraph on this specific change, i.e.,
what are the use cases this change addresses, and how does this help
developers, etc.? Here in the thread is fine.
*Specification*
https://wicg.github.io/shared-storage/
*Additional anticipated specification changes*
https://github.com/WICG/shared-storage/pull/152
*Blink component*
Blink>Storage>SharedStorage
<https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2>
*Summary:*
We plan to ship the following changes to the Shared Storage API:
* selectURL() and run() will be exposed on the SharedStorageWorklet
interface. When calling on the default scoped worklet (i.e.
sharedStorage.worklet.selectURL()/run()), the behavior is
equivalent to calling sharedStorage.selectURL()/run().
* Users can create new worklets via const worklet = await
sharedStorage.createWorklet(url, options). This API can be used to
start multiple and potentially cross-origin worklets from a single
document.
*Risks
*
*Interoperability and Compatibility*
The changes are fully backward compatible.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
*WebView application risks*
/Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
/None
*Security*
Because the worklet's context origin will be that of the origin of the
script URL, both "Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" and
CORS are required when fetching a x-origin worklet script. Even so, it
is important that worklet script creators understand the implications
of this. Their worklet, which accesses their origin's Shared Storage
data, can be loaded and executed by a different party.
*Privacy*
In the case of creating or using a cross-origin worklet, if the
worklet cannot be created because the user has denied storage for that
site, then the promise will resolve (rather than reject) to prevent
leaking cross-site data. A caller may still use timing attacks to know
this information, but this is a minor privacy issue, as in reality
very few users would set such preferences, and doing a wide search
would incur a significant performance cost spinning up the worklets.
*Debuggability*
* Shared Storage database contents for an origin can be viewed and
modified within DevTools.
* Shared Storage worklet can be inspected within DevTools.
*Will this feature be supported on all six Blink platforms (Windows,
Mac, Linux, Chrome OS, Android, and Android WebView)?*
All but WebView
*Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
Yes
*Finch feature name*
SharedStorageAPIM125
*Requires code in //chrome?*
No
*Estimated milestones*
We intend to ship in M125.
*Link to entry on the Chrome Platform Status*
https://chromestatus.com/feature/5145686840705024
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bf885085-5e5c-44f2-ae6f-9ae7daf3bc22%40chromium.org.
