On Thursday, October 17, 2019 at 3:15:49 PM UTC-7, Sean Voisen wrote: > On Thu, Oct 17, 2019 at 1:05 PM <ikilpatr...@chromium.org> wrote: > > > > > These features (broadly speaking) are different however. According to the > > above policy: > > "Exceptions to requiring secure contexts" > > " - other browsers already ship the feature insecurely" > > > > Most (all?) of the non-trivial features above have shipped in other > > browsers insecurely before shipping in Firefox, hence the above exception > > applies. > > > > But it also says: "In contrast, a new CSS color keyword would likely not be > restricted to secure contexts." Given that this is a new value for > grid-template-*, and not a new CSS property, I'd argue it doesn't apply.
I'd argue that the color example is a "trivial" feature, unlike subgrid. But the original framer of the policy would have a better understanding of what that meant. FWIW most new CSS features are placed behind values/etc, so I don't believe that is the distinction in the policy. > > > "subgrid" is different as Firefox is shipping this feature first. > > > > I believe we were also first to ship the support for multiple display > values, but again those are values. And I think we're the first on > ::marker. These were not restricted. Again "multiple dipslay values" are probably in the "trivial" feature bucket (if that exists). ::marker (which seems like it was only shipped recently) probably should have been restricted to secure contexts by this policy? > > > > As far as I know we don't even have a mechanism that I could > > > have used to restrict subgrid to secure contexts. And to be > > > clear: I have no intention of blocking subgrid on waiting for > > > such a mechanism. > > > > This should just involve passing a isSecureContext flag into the your CSS > > parser? > > > > There's also the consideration as to whether allowing grid in non-secure > contexts, but NOT subgrid, even makes sense. I think it would oddly > fracture support for grid layouts as a whole (or at least potentially make > things confusing for developers — it's certainly more confusing than just > restricting access to a single property like backdrop-filter or something). > Perhaps we should ask what the value of restricting only subgrid to secure > contexts even brings. If part of the spirit of the policy (at least the > part that applies here) is to quicken adoption of secure contexts, is the > value of subgrid's contribution to this endeavor worth the trade-off of > potential user confusion? For almost any CSS feature you could make a similar argument I believe. I think one interesting part here is that (from my knowledge) this policy actually hasn't been applied yet, due to the "other browsers shipping insecurely" exception. But all good questions! > > > Given this shouldn't a "...Mozilla’s Distinguished Engineers to judge the > > outcome..."? > > > > It's an interesting test of the policy. Thanks for bringing it up :) No problem! I trust the Mozilla community will decide on a reasonable outcome, and update the policy if necessary. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
