- From: Mitar <notifications@github.com>
- Date: Sun, 18 Jan 2026 23:29:02 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 19 January 2026 07:29:06 UTC
mitar left a comment (w3c/ServiceWorker#822) @yoshisatoyanagisawa Thank you for the summary. I disagree that WAICT would solve everything here. I think probably a better approach would be to expose to end-users more information about service workers running in a background (maybe with an icon in the url bar, showing memory and process usage) with an option to kill it, remove it, etc. Also browsers could also kill and disable service workers for sites you do not visit often, etc. I do not buy the argument that preventing updates from the server would allow attackers to gain an upper hand. In most cases server would not even know about a malicious service worker. And I am not even sure that I would want the server to silently "fix" the malicious service worker. I mean, if they managed to deploy a malicious service worker, I would expect the server to inform the user that there was a breach and that they are sorry and that you should do the following steps to remedy the situation. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/822#issuecomment-3766863305 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/822/3766863305@github.com>
Received on Monday, 19 January 2026 07:29:06 UTC