Re: [webkit-dev] Request for Position on Sanitizer API

2021-03-15 Thread Ryosuke Niwa via webkit-dev 
On Mon, Mar 15, 2021 at 7:32 AM Daniel Vogelheim via webkit-dev
 wrote:
>
> I'd like to request a position statement on the proposed Sanitizer API.
>
> The Sanitizer API wants to build an HTML Sanitizer right into the web 
> platform. The goal is to make it easier to build XSS-free web applications. 
> The intended contributions of the Sanitizer API are: Making a sanitizer more 
> easily accessible to web developers; be easy to use and safe by default; and 
> shift part of the maintenance burden to the platform.
>
> Currently available are an explainer and an early spec draft, and early 
> prototype implementations in Chromium & Firefox, behind flags.

I'm gathering more feedback internally at Apple but here's immediate
feedback I can give you: even if this was an useful API for web
developers, we won't use it to sanitize the content from / to the
system pasteboard (a.k.a clipboard on Windows) since we rely on style
& rendering information and apply various transformations such as
inlining all the style rules for that purpose. Secondly, we probably
won't reuse this code for sanitizing contents inside our engine since
using hash maps of element names and attribute names per element to
allow or block markup would be simply too inefficient. Reusing
concepts defined in this specification as a mechanism involved by
other specifications seems okay provided we agree that this API / spec
is an overall good idea based on more broader discussion.

- R. Niwa
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Request For Position on CSS containment

2021-03-15 Thread Rob Buis via webkit-dev 
I misread "WebKit supports CSS containment." as "WebKit supports CSS 
containment already". Sorry for the noise!


Regards,

Rob.

Am 15.03.21 um 21:35 schrieb Simon Fraser:

We have no code for css containment yet.

Simon



On Mar 15, 2021, at 12:57 PM, Rob Buis  wrote:

Hi,

If true, then https://bugs.webkit.org/show_bug.cgi?id=172026 can be closed.

I am finding the feature in features.json, but I am not sure that means there 
is actual code.

There may be code in RenderLayerBacking, but AFAIU that would mean "only" 
contain: paint and would not be WebExposed? Can somebody check?

Regards,

Rob.

Am 15.03.21 um 20:18 schrieb Simon Fraser:

WebKit supports CSS containment.

Simon


On Mar 15, 2021, at 9:14 AM, Rob Buis via webkit-dev 
 wrote:

Hi webkit-dev,

This is a request for WebKit's position on CSS containment.

Our first interest is to implement the contain property as specified here:
https://www.w3.org/TR/css-contain-1/

After that, we want to work on style containment and the content-visibility 
property:
https://www.w3.org/TR/css-contain-2/
Regards,

Cathie and Rob.
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Request For Position on CSS containment

2021-03-15 Thread Simon Fraser via webkit-dev 
We have no code for css containment yet.

Simon


> On Mar 15, 2021, at 12:57 PM, Rob Buis  wrote:
> 
> Hi,
> 
> If true, then https://bugs.webkit.org/show_bug.cgi?id=172026 can be closed.
> 
> I am finding the feature in features.json, but I am not sure that means there 
> is actual code.
> 
> There may be code in RenderLayerBacking, but AFAIU that would mean "only" 
> contain: paint and would not be WebExposed? Can somebody check?
> 
> Regards,
> 
> Rob.
> 
> Am 15.03.21 um 20:18 schrieb Simon Fraser:
>> WebKit supports CSS containment.
>> 
>> Simon
>> 
>>> On Mar 15, 2021, at 9:14 AM, Rob Buis via webkit-dev 
>>>  wrote:
>>> 
>>> Hi webkit-dev,
>>> 
>>> This is a request for WebKit's position on CSS containment.
>>> 
>>> Our first interest is to implement the contain property as specified here:
>>> https://www.w3.org/TR/css-contain-1/
>>> 
>>> After that, we want to work on style containment and the content-visibility 
>>> property:
>>> https://www.w3.org/TR/css-contain-2/
>>> Regards,
>>> 
>>> Cathie and Rob.
>>> ___
>>> webkit-dev mailing list
>>> webkit-dev@lists.webkit.org
>>> https://lists.webkit.org/mailman/listinfo/webkit-dev

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Request For Position on CSS containment

2021-03-15 Thread Rob Buis via webkit-dev 

Hi,

If true, then https://bugs.webkit.org/show_bug.cgi?id=172026 can be closed.

I am finding the feature in features.json, but I am not sure that means 
there is actual code.


There may be code in RenderLayerBacking, but AFAIU that would mean 
"only" contain: paint and would not be WebExposed? Can somebody check?


Regards,

Rob.

Am 15.03.21 um 20:18 schrieb Simon Fraser:

WebKit supports CSS containment.

Simon


On Mar 15, 2021, at 9:14 AM, Rob Buis via webkit-dev 
 wrote:

Hi webkit-dev,

This is a request for WebKit's position on CSS containment.

Our first interest is to implement the contain property as specified here:
https://www.w3.org/TR/css-contain-1/

After that, we want to work on style containment and the content-visibility 
property:
https://www.w3.org/TR/css-contain-2/
Regards,

Cathie and Rob.
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Request For Position on CSS containment

2021-03-15 Thread Simon Fraser via webkit-dev 
WebKit supports CSS containment.

Simon

> On Mar 15, 2021, at 9:14 AM, Rob Buis via webkit-dev 
>  wrote:
> 
> Hi webkit-dev,
> 
> This is a request for WebKit's position on CSS containment.
> 
> Our first interest is to implement the contain property as specified here:
> https://www.w3.org/TR/css-contain-1/
> 
> After that, we want to work on style containment and the content-visibility 
> property:
> https://www.w3.org/TR/css-contain-2/
> Regards,
> 
> Cathie and Rob.
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev

___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

[webkit-dev] Request For Position on CSS containment

2021-03-15 Thread Rob Buis via webkit-dev 

Hi webkit-dev,

This is a request for WebKit's position on CSS containment.

Our first interest is to implement the contain property as specified here:
https://www.w3.org/TR/css-contain-1/

After that, we want to work on style containment and the 
content-visibility property:

https://www.w3.org/TR/css-contain-2/
Regards,

Cathie and Rob.
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

Re: [webkit-dev] Alicia Boya as new reviewer

2021-03-15 Thread youenn fablet via webkit-dev 
Congrats as well Alicia!

Le jeu. 11 mars 2021 à 21:35, BJ Burg via webkit-dev <
webkit-dev@lists.webkit.org> a écrit :

> Congrats Alicia!
>
> On Mar 11, 2021, at 8:00 AM, Xabier Rodríguez Calvar via webkit-dev <
> webkit-dev@lists.webkit.org> wrote:
>
> Hi,
>
> It's my pleasure to announce that my colleague Alicia Boya has earned
> the reviewer status. I'm sure she will be a wonderful reviewer.
>
> Well done Alicia! ️
>
> Best regards.
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
>
> ___
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev

[webkit-dev] Request for Position on Sanitizer API

2021-03-15 Thread Daniel Vogelheim via webkit-dev 
Hello webkit-dev,

I'd like to request a position statement on the proposed Sanitizer API
.

The Sanitizer API wants to build an HTML Sanitizer right into the web
platform. The goal is to make it easier to build XSS-free web applications.
The intended contributions of the Sanitizer API are: Making a sanitizer
more easily accessible to web developers; be easy to use and safe by
default; and shift part of the maintenance burden to the platform.

Currently available are an explainer
 and
an early spec draft , and early
prototype implementations in Chromium & Firefox
,
behind flags.

Thank you for your consideration!
Daniel
___
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev