- From: Andrew Betts <notifications@github.com>
- Date: Wed, 06 Feb 2019 17:12:24 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/341@github.com>
こんにちはTAG!
Special delivery courtesy of your request of me earlier this evening. I would like to draw your attention to two aspects of Feature policy. Feature policy itself was reviewed by the TAG while I was a member and generally judged to be splendid. However, being a 'framework spec' (my term for a spec that creates a scaffold on which elements of its behaviour will operate, but where those elements are defined elsewhere or not within the same process), it has developed in a way that might attract further interest:
1. Whilst policies are generally named for the behaviour that they allow, in some cases they are named after the behaviour that results from **denying** the policy. 'lazyload' is one such policy. In the default case, where no policy is defined or it is defined and **allowed** for the relevant origin, the document follows the instructions of the lazyload attribute, which defaults to immediate ('eager', if you like) loading. If a policy is defined and **disallowed** for the relevant origin, the page **forces all elements to be lazyloaded**. This could be considered counterintuitive, and if the TAG were to take a view, I would imagine it would be on the principle rather than this specific instance.
2. Feature Policies are booleans, but there is a proposal to make them parameteri[sz]ed. Some of the examples cited for parameterised policies seem to suggest that the value would be required ('allowed-image-formats' seems not to make sense without a value), while others which already exist as boolean policies become quite different when in parameterised 'mode' (eg lazyload), and still others seem like they are fundamentally booleans so the behaviour if a value is supplied is undefined (eg document-write).
Ref:
* https://github.com/w3c/webappsec-feature-policy/issues/163
* https://github.com/w3c/webappsec-feature-policy/issues/193
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/341
Received on Thursday, 7 February 2019 01:12:46 UTC