Contact emailsfer...@chromium.com

Explainer
https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md

Specificationhttps://github.com/whatwg/html/pull/7915

Summary

This feature allows pages to disable the running of unload event handlers.
The goal is to : - allow sites that have removed all unload handlers to
ensure they do not accidentally add new ones - allow sites to remove unload
handlers when updating the code is infeasible Unload event handlers are
problematic for various reasons and prevent use of BFCache on Desktop (see
https://web.dev/bfcache/#never-use-the-unload-event).


Blink componentBlink>PermissionsAPI
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPermissionsAPI>

TAG reviewhttps://github.com/w3ctag/design-reviews/issues/738

TAG review statusPending

Risks


Interoperability and Compatibility

3rd-party frames that rely on unload may not work as expected when
navigating away. This is solvable by the frame authors by use of
alternatives to unload and is unlikely to impact users. See detailed
discussion.
https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md#concerns-about-giving-embedders-control-over-the-nonexecution-of-iframe-code


*Gecko*: Negative (
https://github.com/w3c/webappsec-permissions-policy/issues/444#issuecomment-1047829132)
FF objects to this similar to sync-xhr and document-domain providing a way
to cause cross-origin interference with script. Explainer addresses this (
https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md#concerns-about-giving-embedders-control-over-the-nonexecution-of-iframe-code)
This is not a formal FF position, we will request a formal position soon.

*WebKit*: No signal

*Web developers*: Positive Private discussions with devs are positive.
Sites that have made efforts to remove all unload handlers want to use this
to prevent accidental returns. Also some providers of 3rd-party iframes
which have content outside of their control (e.g. ad network) want to
guarantee themselves to be unload-free.
https://github.com/w3c/webappsec-permissions-policy/issues/444#issuecomment-1130401722
Also
positive feedback about using this to deny unload as a source of security
problems.
https://github.com/w3c/webappsec-permissions-policy/issues/444#issuecomment-1222973324

*Other signals*:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that
it has potentially high risk for Android WebView-based applications?

none known


Goals for experimentation

- Validate that this allows sites using it to improve their BFCache hit
rate


Ongoing technical constraints



Debuggability

N/A


Will this feature be supported on all six Blink platforms (Windows, Mac,
Linux, Chrome OS, Android, and Android WebView)?Yes

Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
?Yes

Flag namechrome://flags#enable-experimental-web-platform-features
or
--enable-features=PermissionsPolicyUnload

Requires code in //chrome?False

Tracking bughttps://crbug.com/1324111

Launch bughttps://crbug.com/1357927#c16

Estimated milestones
DevTrial on desktop 107
DevTrial on Android 107

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5760325231050752

Links to previous Intent discussionsIntent to prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAozHLkvhEtVOkvW4iXCbMf5a84ypGjD4arZtpS%3D0Okx6BPDdQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAozHLkvhEtVOkvW4iXCbMf5a84ypGjD4arZtpS=0okx6bp...@mail.gmail.com>


This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAozHLns1p1P97p0Q%2BkQ3X1X9Q7qxKSD5Pk2McsWE5N79%2BXJbQ%40mail.gmail.com.

Reply via email to