Agreed with clarification. Declarative text/css stylesheets not restricted. Imperative new APIs (like Houdini APIs) should be restricted to secure contexts by default. Thanks, Tantek
On Fri, Oct 18, 2019 at 4:53 PM Daniel Veditz <dved...@mozilla.com> wrote: > > On Fri, Oct 18, 2019 at 4:27 PM Tantek Çelik <tan...@cs.stanford.edu> wrote: >> >> Based on your reasoning, and our consistent intent emails and shipping >> behavior, I think we should consider updating the blog post on this >> matter regarding all CSS features (cc: annevk), or posting a separate >> update post accordingly, using the reasoning you've provided as our >> guidance. > > > Just to be clear I was not talking about "all" CSS features but mainly the > ones specified in text/css stylesheets. New CSS features that are implemented > through JavaScript APIs (like CSS Painting API) ought to be restricted, and > exemptions should require an explicit compelling argument. Browsers have > already invented mechanisms to expose properties conditionally so it's not an > implementation burden, and it's possible for web developers to do feature > detection and deal with it. The calculus comes out differently. > > [I note the CSS Painting API spec doesn't mention such restrictions > currently, but Chrome's implementation seems to have done so anyway.] > > -Dan Veditz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
