On 10/17/19 8:12 PM, ikilpatr...@chromium.org wrote:
On Thursday, October 17, 2019 at 11:06:48 AM UTC-7, Mats Palmgren
wrote:
As far as I know, we never constrain new CSS features to secure
contexts. At least not on the property/value level.
According to
https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/
you should be?
"Effective immediately, all new features that are web-exposed are to be
restricted to secure contexts. Web-exposed means that the feature is
observable from a web page or server, whether through JavaScript, CSS,
HTTP, media formats, etc."
True, but we have never applied that policy for CSS features
as far as I know. Just recently we've added 'column-span',
the ::marker pseudo, new 'display' syntax with values like
'inline list-item', 'block ruby' etc, 'clip-path: path()',
and a long list of other CSS features since 2018.
As far as I know we don't even have a mechanism that I could
have used to restrict subgrid to secure contexts. And to be
clear: I have no intention of blocking subgrid on waiting for
such a mechanism.
Or does the policy wrong and needs to be updated?
Maybe, but that's not for me to decide.
The issue you raise is a good one, but it's not really related
to subgrid specifically. Perhaps it would be better if you
start a new thread regarding how that policy applies (or not)
to CSS features in general?
/Mats
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
