On Thursday, October 17, 2019 at 11:06:48 AM UTC-7, Mats Palmgren wrote: > On 10/17/19 5:35 PM, ikilpatr...@chromium.org wrote: > > On Wednesday, October 16, 2019 at 11:14:02 AM UTC-7, Mats Palmgren > > wrote: > >> *Secure contexts:* N/A > > > > Replying as requested from: > > https://twitter.com/ecbos_/status/1184690249324290048 > > Well, I just copy-pasted the email-template TYLin used in his > intent-to-ship for 'column-span' earlier, so I assumed "N/A" is > the correct term... :-) > > Anyway, I don't think we constrain new CSS properties/values to secure > contexts in general. As far as I know, we don't even have a mechanism > for doing so. So "N/A" seems appropriate. > > > > Subgrid is a new feature to CSS behind a new display value [...] > > No, 'subgrid' is not a new 'display' value. It's a new value for > the 'grid-template-rows/columns' properties: > https://drafts.csswg.org/css-grid-2/#subgrid-per-axis
My bad, but the same principle applies. > > > Does > > https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/ > > apply here? > > As far as I know, we never constrain new CSS features to secure contexts. > At least not on the property/value level. According to https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/ you should be? "Effective immediately, all new features that are web-exposed are to be restricted to secure contexts. Web-exposed means that the feature is observable from a web page or server, whether through JavaScript, CSS, HTTP, media formats, etc. " Or does the policy wrong and needs to be updated? > > /Mats _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
