IDL amendments and small misc issues. #271
Conversation
|
Are you sure this is web-compatible? |
|
IMO, if it doesn't it should. I don't think a SPV event makes any sense without the required fields. I would rather fix Chrome. |
index.src.html
Outdated
| <a>shadow-including root</a> is not |global|'s <a>associated | ||
| <a>shadow-including root</A policy defines allowed and restricted behaviors, and may be applied to a Window, {{WorkerGlobalScope}, or WorkletGlobalScope as described in §4.2.2 Initialize a global object’s CSP list. | ||
|
|
||
| a> is not |global|'s <a>associated |
index.src.html
Outdated
| :: The result of executing the <a>URL serializer</a> on |violation|'s | ||
| <a for="violation">source file</a>, with the `exclude fragment` | ||
| flag set if the |violation|'s <a for="violation">source file</a> | ||
| it not null and the `empty string` otherwise. |
There was a problem hiding this comment.
In this doc, we're generally putting backticks around null, and not around "empty string" ("the empty string" is fine).
| readonly attribute long lineNumber; | ||
| readonly attribute long columnNumber; | ||
| readonly attribute unsigned long lineNumber; | ||
| readonly attribute unsigned long columnNumber; |
There was a problem hiding this comment.
Is it worth deprecating these names, and adding the lineno and colno names @annevk suggested? Should be straightforward to add to Chrome's implementation, and I agree that it would be nice to standardize to some extent when possible.
There was a problem hiding this comment.
I don't know how to deprecate attributes, I added new attributes and comments to the old ones. Does that make sense?
| @@ -1462,33 +1462,33 @@ <h3 id="violation-events"> | |||
|
|
|||
| [Constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict)] | |||
There was a problem hiding this comment.
I wonder if we can get away with just dropping the constructor entirely. I can't imagine that there are that many folks actually using it, nor do I know what they'd be doing with it if they were... Maybe add some metrics to Chrome?
There was a problem hiding this comment.
Main use case is testing code paths.
There was a problem hiding this comment.
I'll add some metrics.
If we do drop the constructor, does the dictionary have any point anymore?
There was a problem hiding this comment.
No, but I'm not convinced we should drop the constructor. All event classes have a constructor. I don't see why this one gets to be an exception.
There was a problem hiding this comment.
There was a problem hiding this comment.
But sure, if events should have constructors, there's not much harm in keeping our implementation. It just seems somewhat useless. shrug
|
As you deprecate |
|
I'm afraid I don't understand the suggestion for URI vs URL. The standard linked in that comment it talking about using the uppercase variant "URL" for compound names not about using URL instead of URI. It's not difficult to change if we're deprecating other names but I don't know if there's any reason to. |
|
@andypaicu The point could be made clearer in that paragraph, but the idea is that variations of "URL" such as URI and IRI add more confusion than value for users. Therefore it is suggested that newer APIs use "URL" or "url" everywhere, instead of URI, IRI and so on. @domenic Since you brought it up in the issue earlier, would you like to add anything? |
|
I think it's probably reasonable to poke at the That seems worthwhile to do for the events. I'm less convinced that it's a good idea for the POSTed report, as doing the same aliasing would bloat the request size. Either way, I'd suggest that a separate issue/PR is the right thing to do. |
andypaicu
force-pushed
the
misc-issues
branch
from
bfc9a42 to
d846aed
Compare
|
I will create a different PR following Mike's suggestion for the name changes/deprecations. Does this PR look reasonable? |
* 'master' of https://github.com/w3c/webappsec-csp: (209 commits) Fix a few typos (w3c#280) Introduce 'prefetch-src'. (w3c#283) Clarify navigation behavior for 'script-src'. Incorrect indentation of the navigation check algorithm. IDL amendments and small misc issues. (w3c#271) Regenerate HTMLs. Origin link. NoncedElement link. link up inline css issue (w3c#228) Replaced 'alias' with 'copy' for less ambiguity (w3c#273) Cleanup `global object` usage to make sense with `Documents` (w3c#254) Elements with duplicated attributes are not nonceable. s/not-example.com/example.org/ Linked testing policy and fixed a few links (w3c#263) Rebuild HTML. Fix linking errors to 'script-like' and 'applet'. Adds WorkletGlobalScope as a concept to CSP. (w3c#205) Slight correction of host matching description (w3c#251) Fixed ambigous grammar (w3c#250) Replace Request.type based logic with Request.destination (w3c#231) ...
Addresses:
#270
#268
#267
#265
#266
Also replaced an obsolete RFC and removed some random whitespaces
Preview | Diff