Re: [webkit-dev] ASSERT vs. RELEASE_ASSERT

On 2024-04-01 16:18, Michael Catanzaro via webkit-dev wrote: > Hi, > > Just brainstorming, but I generally think it's worth enabling way more > assertions in production builds to the extent we can do so without > unacceptable performance impact. My ideal would be to rename ASSERT() to >

Re: [webkit-dev] Fw: Request for assistance

On 2022-10-09 15:35, anonymousjune1935-webkit--- via webkit-dev wrote: > I believe this question belongs here. If not, please direct me > somewhere else that may be more appropriate. > I'm using an Android app, that MAY use WebKit for it's interactions. > Regardless, the app owners aren't

Re: [webkit-dev] Request for Position: Cross-Origin-Resource-Blocking (CORB)

On 2022-03-29 10:46, Patrick Griffis via webkit-dev wrote: > ... > > I believe directly going to ORB and skipping CORB is not a bad idea and > something I could work on if that is the preferred spec. Thinking about this a bit more and discussing it with others here's what I've f

[webkit-dev] Request for Position: Trusted Types

Hi everybody, I'd like input on the Trusted Types API[0]. It is a set of APIs intended to protect against DOM-based XSS attacks. It changes various APIs to not accept arbitrary strings, for example `element.innerHTML` can only be assigned a `TrustedHTML` object. These are also policies

Re: [webkit-dev] Request for Position: Cross-Origin-Resource-Blocking (CORB)

On 2022-03-24 08:04, Anne van Kesteren wrote: > On Wed, Mar 23, 2022 at 6:19 PM Patrick Griffis via webkit-dev > wrote: >> I'd like a position on CORB and intend to implement it in the future. >> This is already part of the Fetch Standard[0] and should be relatively

[webkit-dev] Request for Position: Cross-Origin-Resource-Blocking (CORB)

Hi everybody, I'd like a position on CORB and intend to implement it in the future. This is already part of the Fetch Standard[0] and should be relatively straightforward. It effectively blocks cross-origin requests for resources they don't make sense in their context. For example an `img`

Re: [webkit-dev] Request for Position: Fetch Metadata

On 2022-02-11 16:15, Patrick Griffis via webkit-dev wrote: > However Sec-Fetch-User I believe will require more > significant changes that will have to be exposed to each port. It > requires knowing if a request was initiated by a user, exact details are > specified here[2], w

[webkit-dev] Request for Position: Fetch Metadata

Hi everybody, I'd like a position on the Fetch Metadata[0] spec. It is a security feature that provides extra context to fetch requests so that servers can make informed decisions. It is currently implemented by both Firefox and Chromium. I have started a work-in-progress patch[1] on bug 204744

Re: [webkit-dev] How to set up Intellisense-ish code completion/suggestions for editing WebKit sources on macOS?

On 2021-11-11 02:48, Michael[tm] Smith via webkit-dev wrote: > Can anyone recommend a combination of text-editor/IDE, plugins/tooling > (e.g., language server), and settings/config that’ll enable me to have > usable code-(auto)completion/suggestions (like Intellisense, etc.) when > editing WebKit

Re: [webkit-dev] Same-Site cookies by default

wed all cookies in third-party contexts by > default. Safari is among a few browsers that has not allowed that. I > do not know what default cookie policies the other WebKit browsers > have. > >Regards, John > >> On Mar 6, 2020, at 1:07 PM, Patrick Griffis wrote:

[webkit-dev] Same-Site cookies by default

Chromium has had the idea to treat all cookies as SameSite=Lax by default as well as blocking SameSite=None over HTTP for a while now, hidden behind a flag, and seem to be rolling this out soon. The topic is discussed in detail here: