W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: Adding methods to Element.prototype WAS: [Selectors API 2] Is matchesSelector stable enough to unprefix in implementations?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 23 Nov 2011 10:25:41 -0500
Message-ID: <4ECD1075.8030003@mit.edu>
To: Aryeh Gregor <ayg@aryeh.name>
CC: Ojan Vafai <ojan@chromium.org>, Ian Hickson <ian@hixie.ch>, "Tab Atkins Jr." <jackalmage@gmail.com>, public-webapps@w3.org
On 11/23/11 10:03 AM, Aryeh Gregor wrote:
> Can't browsers add instrumentation for this?  You have users who have
> opted in to sending anonymized data.  So for each user, on a small
> percentage of pages, intercept all bare-name property accesses in on*.

With enough work, this is possible.  It'd involve a good deal of 
complexity or some perf hit, or likely both (even when not sending; 
there is _always_ a perf hit from having mode code in the codebase). 
Also, see below.

> This would all have to be reviewed by security teams, but it should be
> doable in principle.  The advantage is your sample would actually be
> representative, which could be important in some cases.)

In fact, I think it's 100% required here, I think, since a lot of the 
issues come from non-public applications (those behind various 
passwords, etc), and the audience for those is not representative.

Worse yet, we may not be able to get good statistics out of any sort of 
statistical scheme, even if the issue would be a stop-ship issue for 
users.  For example, something that a quarter of our users hit every 
week that keeps them from using a single website they rely on would 
probably be considered a stop-ship bug, but would be lost in the noise 
of all the pages the users load during a week.

Received on Wednesday, 23 November 2011 15:26:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:37 UTC