On 2024-04-01 16:18, Michael Catanzaro via webkit-dev wrote:
> Hi,
>
> Just brainstorming, but I generally think it's worth enabling way more
> assertions in production builds to the extent we can do so without
> unacceptable performance impact. My ideal would be to rename ASSERT() to
>
On 2022-10-09 15:35, anonymousjune1935-webkit--- via webkit-dev wrote:
> I believe this question belongs here. If not, please direct me
> somewhere else that may be more appropriate.
> I'm using an Android app, that MAY use WebKit for it's interactions.
> Regardless, the app owners aren't
On 2022-03-29 10:46, Patrick Griffis via webkit-dev wrote:
> ...
>
> I believe directly going to ORB and skipping CORB is not a bad idea and
> something I could work on if that is the preferred spec.
Thinking about this a bit more and discussing it with others here's what
I've f
Hi everybody,
I'd like input on the Trusted Types API[0].
It is a set of APIs intended to protect against DOM-based XSS attacks.
It changes various APIs to not accept arbitrary strings, for example
`element.innerHTML` can only be assigned a `TrustedHTML` object. These
are also policies
On 2022-03-24 08:04, Anne van Kesteren wrote:
> On Wed, Mar 23, 2022 at 6:19 PM Patrick Griffis via webkit-dev
> wrote:
>> I'd like a position on CORB and intend to implement it in the future.
>> This is already part of the Fetch Standard[0] and should be relatively
Hi everybody,
I'd like a position on CORB and intend to implement it in the future.
This is already part of the Fetch Standard[0] and should be relatively
straightforward.
It effectively blocks cross-origin requests for resources they don't
make sense in their context. For example an `img`
On 2022-02-11 16:15, Patrick Griffis via webkit-dev wrote:
> However Sec-Fetch-User I believe will require more
> significant changes that will have to be exposed to each port. It
> requires knowing if a request was initiated by a user, exact details are
> specified here[2], w
Hi everybody,
I'd like a position on the Fetch Metadata[0] spec. It is a security
feature that provides extra context to fetch requests so that servers
can make informed decisions. It is currently implemented by both Firefox
and Chromium.
I have started a work-in-progress patch[1] on bug 204744
On 2021-11-11 02:48, Michael[tm] Smith via webkit-dev wrote:
> Can anyone recommend a combination of text-editor/IDE, plugins/tooling
> (e.g., language server), and settings/config that’ll enable me to have
> usable code-(auto)completion/suggestions (like Intellisense, etc.) when
> editing WebKit
wed all cookies in third-party contexts by
> default. Safari is among a few browsers that has not allowed that. I
> do not know what default cookie policies the other WebKit browsers
> have.
>
>Regards, John
>
>> On Mar 6, 2020, at 1:07 PM, Patrick Griffis wrote:
Chromium has had the idea to treat all cookies as SameSite=Lax by
default as well as blocking SameSite=None over HTTP for a while now,
hidden behind a flag, and seem to be rolling this out soon.
The topic is discussed in detail here:
11 matches
Mail list logo