Re: [whatwg] PSA: Chrome ignoring autocomplete=off for Autofill data

2014-11-13 Thread Ben Maurer
If the site sets autocomplete=off could you disable the saving of new suggestions? One of the main use cases for turning off autocomplete is to disable the saving of sensitive or irrelevant information. If the user is filling in an address or cc num it's likely they have the opportunity to save

Re: [whatwg] allow link in body + DOM position as a rendering hint

2014-10-30 Thread Ben Maurer
We talked a bit before about the idea of async stylesheets (like async scripts). That kind of functionality could implement something similar to this proposal (though in a bit more of a clunky way -- you need to have an inline visibility:hidden style for the content you want to hide then override

Re: [whatwg] allow link in body + DOM position as a rendering hint

2014-10-30 Thread Ben Maurer
On Thu, Oct 30, 2014 at 2:26 PM, Ilya Grigorik igrigo...@gmail.com wrote: On Thu, Oct 30, 2014 at 12:17 PM, Ben Maurer ben.mau...@gmail.com wrote: We talked a bit before about the idea of async stylesheets (like async scripts). That kind of functionality could implement something similar

Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

2014-10-16 Thread Ben Maurer
Hey, I think it'd be worth supporting encrypting the password. There are a number of reasons why a site might have trouble using a hash: 1) It is unlikely that whatever standard format the browser supports will be exactly how passwords are hashed today. It is possible to migrate hashes (if the

Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

2014-10-16 Thread Ben Maurer
Kesteren ann...@annevk.nl wrote: On Thu, Oct 16, 2014 at 2:22 PM, Ben Maurer ben.mau...@gmail.com wrote: It reduces the number of systems which are exposed to the password. You mean after the password arrives at the server? Because for transfer we should advocate TLS. -- https

Re: [whatwg] Proposal: Write-only submittable form-associated controls.

2014-10-15 Thread Ben Maurer
- Would one be able to validate the password field (eg, to detect an empty password)? Is HTML5 validation allowed on a writeonly field? - Could a cross-domain XHR be made? Could FormData from such a field be limited to the same domain? - Something that could be interesting is if the password field

Re: [whatwg] Preloading and deferred loading of scripts and other resources

2014-08-25 Thread Ben Maurer
at use cases again, then go through some of the feedback on the last proposal I'd made in this space, and then make a new proposal intended to address the use cases and feedback. On Fri, 15 Aug 2014, Ben Maurer wrote: [Use-case F:] A website has a page where media is the primary content

Re: [whatwg] exposing dependencies + weights (aka, priorities) to web developers

2014-08-15 Thread Ben Maurer
Hey, Thanks for writing this up! So to the extent we are simply exposing http/2 semantics, this spec seems pretty clear. Two questions that I have that aren't answered by the http/2 spec: - What do we expect the browser to do with priorities set cross domain. Eg, if I express that a.com/foo.js

Re: [whatwg] exposing dependencies + weights (aka, priorities) to web developers

2014-08-15 Thread Ben Maurer
Some cases I can think of off the top of my head: - A website has a page where media is the primary content. It would like to make sure that media is downloaded before JS (example: you go to flicker.com/my-image, the browser should probably prioritize that image over a piece of javascript that is

Re: [whatwg] resource hints and separating download from processing

2014-08-08 Thread Ben Maurer
:39 PM, Ben Maurer ben.mau...@gmail.com wrote: On Thu, Aug 7, 2014 at 3:21 PM, Ilya Grigorik igrigo...@gmail.com wrote: It would be nice if there was a more declarative relationship between the declarative fetch and the eventual use of the resource (assuming the resources are on the same page

Re: [whatwg] resource hints and separating download from processing

2014-08-07 Thread Ben Maurer
Hey, Not sure if you've seen this thread: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2014-July/297257.html. I had the same basic interest as you (decoupling resource fetching from execution). I'd be curious to hear your thoughts about that thread. I really like the concept of a

Re: [whatwg] resource hints and separating download from processing

2014-08-07 Thread Ben Maurer
On Thu, Aug 7, 2014 at 3:21 PM, Ilya Grigorik igrigo...@gmail.com wrote: It would be nice if there was a more declarative relationship between the declarative fetch and the eventual use of the resource (assuming the resources are on the same page). I would like to break that dependency. I

Re: [whatwg] Accept header

2014-07-31 Thread Ben Maurer
On Thu, Jul 31, 2014 at 1:56 AM, Anne van Kesteren ann...@annevk.nl wrote: On Wed, Jul 30, 2014 at 8:43 PM, Ben Maurer ben.mau...@gmail.com wrote: On Wed, Jul 30, 2014 at 11:35 AM, Ian Hickson i...@hixie.ch wrote: 1. Expose it on a fetch object available from all the places that can

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-29 Thread Ben Maurer
Another concrete example with img tags: sometimes an abusive user will use a site like Facebook as a CDN -- they'll upload a picture and hotlink it from elsewhere. We could insert a time-stamped authentication token as a custom header. Today we sometimes do this via the query string -- giving the

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-28 Thread Ben Maurer
be the cause of the CSS file being required. A custom header would allow logging this. On Mon, Jul 28, 2014 at 11:34 AM, Ian Hickson i...@hixie.ch wrote: On Mon, 28 Jul 2014, Ben Maurer wrote: What about initial parameters to fetch (vs modifications you could make in flight via the myfetch

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-28 Thread Ben Maurer
On Mon, Jul 28, 2014 at 12:51 PM, Ian Hickson i...@hixie.ch wrote: Ah, I see. Makes sense. Are there any cases where you'd know the headers you want to send at the time the markup is written, before JS is involved, or would you always be updating the fetch settings from script? I think

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-23 Thread Ben Maurer
the use cases I was thinking of. -b On Tue, Jul 22, 2014 at 5:33 PM, Ian Hickson i...@hixie.ch wrote: On Tue, 22 Jul 2014, Ben Maurer wrote: To follow this up with a concrete suggestion: var myfetch = window.fetch('my.css', {'fetch-as': 'stylesheet'}); myfetch.then(function(resp

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-22 Thread Ben Maurer
On Tue, Jul 22, 2014 at 10:26 AM, Ian Hickson i...@hixie.ch wrote: On Mon, 21 Jul 2014, Ben Maurer wrote: (1) Allowing the user to specify parameters to Fetch. For example, a user could say: script src=/my.js params={'headers':{'myheader':'value'}} id=myscript / This would allow

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-22 Thread Ben Maurer
, Ben Maurer wrote: One advantage of doing this is that if there is some use case a site has that isn't met by the dependency model they can still manually separate the fetch of an object from its insertion into the DOM. One issue worth considering here: there are various situations (CSP

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-22 Thread Ben Maurer
management APIs. On Tue, Jul 22, 2014 at 12:13 PM, William Chan (陈智昌) willc...@chromium.org wrote: On Tue, Jul 22, 2014 at 12:03 PM, Boris Zbarsky bzbar...@mit.edu wrote: On 7/22/14, 2:57 PM, Ben Maurer wrote: Nothing prevents a website from downloading content via fetch/XHR and simply

Re: [whatwg] Fetch Objects and scripts/stylesheets

2014-07-22 Thread Ben Maurer
parameters to the fetch algorithm or if the user accessed the result of a stylesheet's fetch. Boris, Will -- would this setup address the concerns you have about the problems websites that use XHR to load resources encounter? On Tue, Jul 22, 2014 at 12:39 PM, Ben Maurer ben.mau...@gmail.com wrote: I'm

[whatwg] Fetch Objects and scripts/stylesheets

2014-07-21 Thread Ben Maurer
I was walking with Will about how the browser prioritizes the loading of scripts and stylesheets. An idea that came up in our conversation was allowing the user to directly access Fetch objects associated with scripts and stylesheets. Some examples of how I could see this working: (1) Allowing