Re: Intent to implement: Visual Viewport API

[Boris Zbarsky]

On 7/23/18 7:36 PM, Tanushree Podder wrote:

Secure contexts: Yes


I'm not sure what this line means here.  The spec does not restrict this 
API to secure contexts, right?  Do we plan to thus restrict it in our 
implementation?


I just filed https://github.com/WICG/visual-viewport/issues/56 on some 
obvious issues with the spec being underdefined that we would have 
presumably run into in the course of implementing it...


Implementing looks good to me, but we should make sure issues like that 
are shaken out before we ship.


-Boris
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Intent to implement: Visual Viewport API

[Tanushree Podder]

Summary: Mobile web pages contain two viewports, the layout viewport and
the visual viewport. The layout viewport consists of all the page contents
and is specified by the meta-viewport tag. The visual viewport is the
actual visible portion of the page on the screen excluding on-screen
keyboards, areas outside of a pinch-zoom area or any other on-screen
artifact that does not scale with the dimensions of the page. The purpose
of the Visual Viewport API is to allow web developers to explicitly query
the properties of the visual viewport.

Web developers can use this API in situations where they need to position
web page elements to remain visible on the screen regardless of the visible
portion of the web page. For example, if an image needs to be visible
regardless of the pinch-zoom level of the device, it can be positioned
relative to what’s shown on the screen using methods of the Visual Viewport
API.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1357785

Link to standard: https://wicg.github.io/visual-viewport


Platform coverage: Available on both Android and Desktop. However, the API
will be useful on desktop after desktop pinch zooming has been implemented.
Without pinch zooming, there is no difference between the visual viewport
and the layout viewport.

Estimated release: In Firefox 63, we will release the API without event
handler attributes behind a pref. The event handlers onresize and onscroll
may be pushed to a later release. The timeline for enabling it by default
has not been decided yet.

Preference behind which this will be implemented:
dom.visualviewport.enabled

Is this feature enabled by default in sandboxed iframes? Yes

If allowed, does it preserve the current invariants in terms of what
sandboxed iframes can do? Yes

DevTools bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1477829

Do other browser engines implement this?

Shipped: Chrome 61 (
https://bugs.chromium.org/p/chromium/issues/detail?id=635031)
  Opera 48 (
https://www.chromestatus.com/feature/5737866978131968)

In development: Safari (
https://webkit.org/status/#feature-visual-viewport-api)

web-platform-tests:
Test suite:
https://searchfox.org/mozilla-central/source/testing/web-platform/meta/visual-viewport

Currently, these tests are expected to fail as the Visual Viewport API has
not been implemented yet.

Bug to enable tests: https://bugzilla.mozilla.org/show_bug.cgi?id=1477610

Secure contexts: Yes
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Proposed W3C Charter: Web Performance Working Group

[Peter Saint-Andre]

Hi David, thanks for crafting this text. Would it make sense to also
mention countermeasures in the paragraph on privacy? (For instance:
disallowing use of this API for arbitrary origins or restricting access
to specific API methods.)

Given the significant privacy implications, I would lean toward a formal
objection, but other Mozillians have more experience with W3C charter
reviews than I do...

Peter

On 7/22/18 7:17 PM, L. David Baron wrote:
> Below is an attempt to write comments on the charter to consider the
> feedback so far in this thread.  It's not clear to me what the right
> charter changes to suggest for the privacy and fingerprinting issues
> are; I've made a proposal here, but I'm open to alternative
> suggestions.
> 
> There's also the question of whether these comments should
> constitute a formal objection to the charter.  I think I'm leaning
> against, but could also be persuaded otherwise.
> 
> -David
> 
> =
> 
> We're glad to see the plan to merge Navigation Timing into Resource
> Timing after level 2 is complete.  However, this only partially
> addresses our concerns about confusing cross-references and
> monkeypatching between a number of the specifications produced by this
> working group.  It would be good to also see User Timing and Performance
> Timeline merged into the same set of specifications in the next level.
> 
> A number of the group's specifications have significant privacy
> implications:  they might provide mechanisms for finding information
> about what other software is running on the user's computer, whether
> that's web content in other origins, or entirely separate software.
> This requires careful consideration of whether these features are safe.
> It would be good to see the Success Criteria section of the charter both 
> explicitly ask the group to consider these issues, and explicitly say
> that it is an acceptable result for the group to decide not to release a
> specification because an acceptable solution for user privacy cannot be
> found.
> 
> Likewise, some specifications in the group provide significant
> additional fingerprinting surface.  When they do this, they should
> explicitly point out that they are doing so, and explicitly allow
> implementations to take countermeasures.  We'd like to see the Success 
> Criteria section of the charter encourage the group to consider 
> fingerprinting explicitly.
> 
> 
> 
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
> 



signature.asc
Description: OpenPGP digital signature
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

[desktop] Bugs logged by Desktop Release QA in the last 8 days

[Bogdan Maris]

Hello,

Here's the list of new issues found and filed by the Desktop Release QA team 
last two weeks.
Additional details on the team's priorities last week, as well as the plans for 
the current week are available at: https://tinyurl.com/y97kjnpc
Bugs logged by Desktop Release QA in the last 8 days

Firefox: Toolbars and Customization
NEW - https://bugzil.la/1477268 - [Ubuntu] Unable to access some of the toolbar 
items in fullscreen mode after toggling the title bar

Firefox: Activity Streams: Newtab
NEW - https://bugzil.la/1476890 - Customize your New Tab page icon overlaps the 
Search bar when resizing the browser to minimum width
NEW - https://bugzil.la/1476959 - [Win] Cut off tail letters in New Tab page 
(Highlights section)

Firefox: Tracking Protection
RESOLVED FIXED - https://bugzil.la/1476317 - Both "Disable For This Site" and 
"Enable For This Site" buttons are displayed

Core: AutoConfig (Mission Control Desktop)
NEW - https://bugzil.la/1476648 - The user can enter online mode without access 
to the remote config file

DevTools: Memory
NEW - https://bugzil.la/1476254 - [DevTools] - treemap text overlap tree lines
NEW - https://bugzil.la/1476289 - [DevTools] - selected memory snapshot cleared 
when other snapshot is removed
NEW - https://bugzil.la/1476551 - Missing padding in front of dropdowns in 
Memory tab

DevTools: Netmonitor
NEW - https://bugzil.la/1476902 - Netmonitor - Request detail header picker 
missing styling

DevTools: Style Editor
NEW - https://bugzil.la/1476567 - Css file selection not highlighted on Save - 
[DevTools]
NEW - https://bugzil.la/1476626 - [Style Editor] Toggle style sheet visibility 
- eyeball icon disappears when resizing the browser width

This is available as a Bugzilla bug list as well: https://tinyurl.com/yc7agh5g

Regards,
Bogdan (:bogdan_maris)
Desktop Release QA
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform