From a6e7f1187b107f001e08f8204659f51ba67c639f Mon Sep 17 00:00:00 2001 From: Frederik Braun Date: Thu, 18 May 2023 02:13:39 +0200 Subject: [PATCH 01/44] Add position for Network Error Logging (negative) - fixes #99 (#803) * Add position for Network Error Logging (negative) - fixes #99 * Update activities.json Co-authored-by: Martin Thomson --------- Co-authored-by: Frederik Braun Co-authored-by: Martin Thomson --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index c8f74b87..9472dc85 100644 --- a/activities.json +++ b/activities.json @@ -933,6 +933,19 @@ "title": "Mixed Content", "url": "https://w3c.github.io/webappsec-mixed-content/" }, + { + "ciuName": null, + "description": "The Network Error Logging spec enables website to declare a reporting policy that can be used to report encountered network errors that prevented it from successfully loading its requested resources.", + "id": "network-error-logging", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1145235", + "mozPosition": "negative", + "mozPositionDetail": "The API enables the collection of user-specific information that sites might not otherwise be able to observe, which includes information that might be private under some circumstances. Furthermore, the specification does not seem to track changes to the Reporting API it builds upon and seems effectively unmaintained.", + "mozPositionIssue": 99, + "org": "W3C", + "title": "Network Error Logging", + "url": "https://w3c.github.io/network-error-logging/" + }, { "ciuName": "netinfo", "description": "The Network Information API enables web applications to access information about the network connection in use by the device.", From a8394389199bb2ceaaaed0d501d18094cea109a5 Mon Sep 17 00:00:00 2001 From: cachius Date: Thu, 8 Jun 2023 14:41:47 +0200 Subject: [PATCH 02/44] add mdnUrl to url-scroll-to-text-fragment --- activities.json | 1 + 1 file changed, 1 insertion(+) diff --git a/activities.json b/activities.json index 9472dc85..4fae4675 100644 --- a/activities.json +++ b/activities.json @@ -1342,6 +1342,7 @@ "ciuName": "url-scroll-to-text-fragment", "description": "A proposal for extending URL fragment syntax with a list of text bits to highlight and scroll to.", "id": "scroll-to-text-fragment", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/Text_fragments", "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753933", "mozPosition": "positive", "mozPositionDetail": "This is an important use case to address and the proposal does a good job at mitigating the compatibility and security issues. As a result the syntax is a tad inelegant, but workable. (See also the position on Fragmention, which aims to address similar use cases.)", From debd07ee48c8bb7a05fb19b0befdec763032a631 Mon Sep 17 00:00:00 2001 From: zcorpan Date: Mon, 12 Jun 2023 10:18:32 +0200 Subject: [PATCH 03/44] Add View Transitions API (SPA and MPA) (positive) Closes #677 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 4fae4675..2783c22c 100644 --- a/activities.json +++ b/activities.json @@ -279,6 +279,19 @@ "title": "CSS Typed OM", "url": "https://drafts.css-houdini.org/css-typed-om-1" }, + { + "ciuName": "view-transitions", + "description": "The View Transitions API allows developers to create animated visual transitions representing changes in the document state.", + "id": "view-transitions", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/View_Transitions_API", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823896", + "mozPosition": "positive", + "mozPositionDetail": "View Transitions allows developers to create animated transitions between states within one document as well as transitions when navigating across documents. The latter is a new capability for the web. We think the API design should be consistent between these cases where possible. As of mid-2023, the specification and implementation experience for this feature for same-document transitions is further along than for cross-document transitions.", + "mozPositionIssue": 677, + "org": "W3C", + "title": "CSS View Transitions Module Level 1", + "url": "https://drafts.csswg.org/css-view-transitions/" + }, { "ciuName": "mdn-css_properties_overflow_clip", "description": "overflow:clip is a feature of CSS Overflow Module Level 3 that is similar to overflow:hidden except without a formatting context or programmatic scrollability.", From 9cb5e394a205da3a617cf38a308f141fc141b9ca Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 15 Jun 2023 00:43:29 +1000 Subject: [PATCH 04/44] Enable filtering on position --- index.html | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index 20cccf6d..491ba59a 100644 --- a/index.html +++ b/index.html @@ -50,6 +50,8 @@ mask: url(asset/MDN.svg) center no-repeat; width: 1.20833em; } + + #showall { display: none; } @@ -78,6 +80,7 @@

Expand All Collapse All + Show All @@ -104,11 +107,11 @@

legend

The possible positions are:

-
Mozilla regards this work as a potential improvement to the web.
-
Mozilla is not convinced of the merits of this work, but does not see any significant negative potential.
-
Mozilla believes that pursuing this work in its current form would not be good for the web.
-
Mozilla takes no position on this work.
-
Mozilla has not taken a position on this work and is gathering more information.
+
Mozilla regards this work as a potential improvement to the web.
+
Mozilla is not convinced of the merits of this work, but does not see any significant negative potential.
+
Mozilla believes that pursuing this work in its current form would not be good for the web.
+
Mozilla takes no position on this work.
+
Mozilla has not taken a position on this work and is gathering more information.
@@ -224,6 +227,7 @@

legend

"searchable": true }, { + "name": "mozPosition", "data": "mozPosition", "type": "enum-0", "render": function (data, type, row, meta) { @@ -231,9 +235,10 @@

legend

return data; } if (data !== "" && ! status_styles.hasOwnProperty(data)) { - console.log("WARNING: unrecognised position '" + data + "' on " + row.name) + console.log("WARNING: unrecognised position '" + data + "' on " + row.name); } - return "" + return ""; }, "orderable": true }, @@ -329,6 +334,22 @@

legend

tr.classList.remove('shown'); } + window.filterPosition = function(e) { + e.preventDefault(); + ptable.columns('mozPosition:name').search(e.target.innerText).draw(); + // Calling .show() sets display to 'inline', which styles inconsistently. + $('#showall')[0].style.display = 'inline-block'; + } + ptable.on('draw', function() { + $('button.position').click(window.filterPosition); + }); + window.show_all = function(e) { + $('#mozPositions_filter input')[0].value = ''; + // Reset both the global and per-column search. + ptable.search('').column('mozPosition:name').search('').draw(); + $('#showall').hide(); + } + // Work around bugs in both Chrome and Firefox relating to // anchor scrolling and :target selection. $('#mozPositions').on('order.dt', function() { @@ -344,7 +365,7 @@

legend

} }, 0); } - } ); + }); window.addEventListener("hashchange", function (event) { var hash = location.hash.slice(1); From 79df09ad1508d503e06bc54948a95ed2e59405bb Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Wed, 21 Jun 2023 09:39:49 +0200 Subject: [PATCH 05/44] Add Navigation API (positive) Fixes #543 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 2783c22c..b5bc46dd 100644 --- a/activities.json +++ b/activities.json @@ -946,6 +946,19 @@ "title": "Mixed Content", "url": "https://w3c.github.io/webappsec-mixed-content/" }, + { + "ciuName": null, + "description": "The navigation API provides a web application-focused way of managing same-origin same-frame history entries and navigations.", + "id": "navigation-api", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Navigation_API", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1777171", + "mozPosition": "positive", + "mozPositionDetail": "This API is a good improvement for implementing SPAs over the status quo. There are various details that we're not sure about in the spec and we'd like to continue reviewing and submit feedback about issues we find.", + "mozPositionIssue": 543, + "org": "WHATWG", + "title": "Navigation API", + "url": "https://github.com/whatwg/html/pull/8502" + }, { "ciuName": null, "description": "The Network Error Logging spec enables website to declare a reporting policy that can be used to report encountered network errors that prevented it from successfully loading its requested resources.", From 630d56778637ae0367529671bda8263ede1fd9cd Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 22 Jun 2023 10:57:14 +1000 Subject: [PATCH 06/44] Positive: CSS Nesting We closed this without a dashboard entry, but it seems like we'd benefit from one. Closes #695. --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index b5bc46dd..a7a5f741 100644 --- a/activities.json +++ b/activities.json @@ -218,6 +218,19 @@ "title": "CSS Layout API", "url": "https://drafts.css-houdini.org/css-layout-api-1" }, + { + "ciuName": "css-nesting", + "description": "This module introduces the ability to nest one style rule inside another, with the selector of the child rule relative to the selector of the parent rule. This increases the modularity and maintainability of CSS stylesheets.", + "id": "css-nesting", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1648037", + "mozPosition": "positive", + "mozPositionDetail": "Nesting is a valuable tool for simplifying CSS authoring. Many authoring formats include the capability in some form, but native support will make the capability consistent and more widely available.", + "mozPositionIssue": 695, + "org": "W3C", + "title": "CSS Nesting", + "url": "https://drafts.csswg.org/css-nesting/" + }, { "ciuName": "css-paint-api", "description": "An API for allowing web developers to define a custom CSS <image> with javascript, which will respond to style and size changes.", From 8a6b69e33e3224d2bdd19bd4ed561da28669eb25 Mon Sep 17 00:00:00 2001 From: Paul Adenot Date: Wed, 19 Jul 2023 18:43:34 +0200 Subject: [PATCH 07/44] Positive: Managed Media Source (#846) * Positive: Managed Media Source Extended rationale: https://github.com/w3c/media-source/issues/320#issuecomment-1632846690 Decision: https://github.com/mozilla/standards-positions/issues/845 Closes #845. * Add a link to a bug on BMO --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index a7a5f741..afd178f0 100644 --- a/activities.json +++ b/activities.json @@ -907,6 +907,19 @@ "title": "Low-level (Raw) Sockets API", "url": "https://github.com/WICG/raw-sockets/blob/master/docs/explainer.md" }, + { + "ciuName": null, + "description": "This proposal extends Media Source Extension objects with a number of features that allow web applications to be more efficient in terms of power usage and memory.", + "id": "managed-media-source", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1844342", + "mozPosition": "positive", + "mozPositionDetail": "This opt-in feature of Media Source Extension allows implementations to reclaim memory when needed, and to allows scheduling download of media data when it's best to do so in terms of power usage. This is especialy important on mobile. This has the potential to improve the experience of media playback on low-power devices, but also generally allows web applications to use resources more efficiently.", + "mozPositionIssue": 845, + "org": "W3C", + "title": "Managed Media Source", + "url": "https://github.com/w3c/media-source/issues/320" + }, { "ciuName": null, "description": "This specification enables web developers to show personalized media recommendations on the browser UI.", From 603fd2731bbfcdf46c6201819234b68b4481b10d Mon Sep 17 00:00:00 2001 From: Andreas Farre Date: Mon, 14 Aug 2023 17:37:28 +0200 Subject: [PATCH 08/44] Positive: Opaque Response Blocking (ORB) (#864) We closed this without a dashboard entry, but it seems like we'd benefit from one. Closes #860. --- activities.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/activities.json b/activities.json index afd178f0..82c30ebe 100644 --- a/activities.json +++ b/activities.json @@ -1011,6 +1011,18 @@ "title": "Network Information API", "url": "https://wicg.github.io/netinfo" }, + { + "ciuName": null, + "description": "Safelist certain opaque responses based on MIME type and block everything else.", + "id": "orb", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1532642", + "mozPosition": "positive", + "mozPositionDetail": "Our preferred approach to handle opaque responses when defending against Spectre attacks.", + "mozPositionIssue": 860, + "org": "Proposal", + "title": "Opaque Response Blocking (ORB)", + "url": "https://github.com/annevk/orb" + }, { "ciuName": null, "description": "This specification defines a delivery mechanism for a number of policies which are to be applied to an entire origin. It compliments header-based delivery mechanisms for existing policies (Content Security Policy, Referrer Policy, etc).", From a4a14d9c97d58068d08ddc30735ccdbb4395eb81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tantek=20=C3=87elik?= Date: Tue, 15 Aug 2023 21:41:27 -0700 Subject: [PATCH 09/44] fix WICG link in README.md (#866) fixes #865 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 80304f67..5aa96323 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ _See [the dashboard](https://mozilla.github.io/standards-positions/) for Mozilla This repo is where [Mozilla](https://mozilla.org/) decides and documents what it thinks about emerging technical specifications for the Web. Typically they're draft documents in the -[IETF](https://ietf.org/), [W3C](https://w3.org/) (including the [WICG](https://wicg.github.io/)), +[IETF](https://ietf.org/), [W3C](https://w3.org/) (including the [WICG](https://wicg.io/)), [WHATWG](https://whatwg.org/), and [Ecma TC39](https://github.com/tc39), but they could come from elsewhere too. From 33bb49692e30ca388f2488cd87833e8162bd9b28 Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Fri, 18 Aug 2023 00:47:46 +0200 Subject: [PATCH 10/44] Suggest using specification title as issue title (#869) --- ISSUE_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 2df8a113..2a868938 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -1,3 +1,4 @@ + ## Request for Mozilla Position on an Emerging Web Specification From b65d14c8dd95e8b2ab4451630f972845feab2b61 Mon Sep 17 00:00:00 2001 From: bvandersloot-mozilla <90582190+bvandersloot-mozilla@users.noreply.github.com> Date: Thu, 17 Aug 2023 19:47:46 -0400 Subject: [PATCH 11/44] Global Privacy Control (positive) (#868) * Global Privacy Control (positive) * Add mozBugUrl, at @t's request * Add multiple MDN links * Update activities.json Co-authored-by: Martin Thomson * Only use the navigator property in the mdnUrl * Update activities.json Co-authored-by: Martin Thomson --------- Co-authored-by: Martin Thomson --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 82c30ebe..ebbed840 100644 --- a/activities.json +++ b/activities.json @@ -687,6 +687,19 @@ "title": "Get Installed Related Apps API", "url": "https://wicg.github.io/get-installed-related-apps/spec" }, + { + "ciuName": null, + "description": "This spec defines a signal that conveys a person's request to websites and services to not sell or share their personal information with third parties.", + "id": "gpc", + "mdnUrl": ["https://developer.mozilla.org/en-US/docs/Web/API/Navigator/globalPrivacyControl"], + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1848951", + "mozPosition": "positive", + "mozPositionDetail": "This signal defined in this specification provides users with a way to opt-out of the disclosure of their information to third parties once per profile in a way that is legally enforced in some jurisdictions, and is being considered in future regulations.", + "mozPositionIssue": 867, + "org": "Proposal", + "title": "Global Privacy Control (GPC)", + "url": "https://privacycg.github.io/gpc-spec/" + }, { "ciuName": "imports", "description": "HTML Imports are a way to include and reuse HTML documents in other HTML documents.", From cac76884170d44e56c151ba1d6f6114c20514912 Mon Sep 17 00:00:00 2001 From: Masanori Ogino <167209+omasanori@users.noreply.github.com> Date: Fri, 25 Aug 2023 22:14:51 +0900 Subject: [PATCH 12/44] Add several b.m.o links (#871) * Add several b.m.o links * Fix --- activities.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/activities.json b/activities.json index ebbed840..c3ececbc 100644 --- a/activities.json +++ b/activities.json @@ -260,7 +260,7 @@ "ciuName": "mdn-css_at-rules_property", "description": "The @property rule represents a custom property registration directly in a stylesheet without having to run any JS.", "id": "at-property", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684605", "mozPosition": "positive", "mozPositionDetail": "Having a declarative registration mechanism for custom properties is a good addition to CSS Properties and Values API.", "mozPositionIssue": 331, @@ -272,7 +272,7 @@ "ciuName": null, "description": "This specification defines the ::part() and ::theme() pseudo-elements on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.", "id": "css-shadow-parts", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1619579", "mozPosition": "positive", "mozPositionDetail": null, "mozPositionIssue": 59, @@ -371,7 +371,7 @@ "ciuName": null, "description": "This draft defines additions to CSSOM to make CSSStyleSheet objects directly constructable, along with a way to use them in DocumentOrShadowRoots.", "id": "construct-stylesheets", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773147", "mozPosition": "positive", "mozPositionDetail": null, "mozPositionIssue": 103, @@ -383,7 +383,7 @@ "ciuName": null, "description": "This proposal adds an API for prompting and querying the user\u2019s contacts for one or more items with a handful of contact properties.", "id": "contact-picker", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756767", "mozPosition": "defer", "mozPositionDetail": "This API innovates in some ways beyond several previous Contacts APIs, though uses different properties than HTML autofill field names.", "mozPositionIssue": 153, @@ -395,7 +395,7 @@ "ciuName": null, "description": "This document defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself.", "id": "cspee", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1391244", "mozPosition": "neutral", "mozPositionDetail": "This specification allows sites to specify minimum CSP policies for embedded content. The risk of problems arising from misalignment between different policies is managed well. The resulting complexity is not trivial, but it is balanced against the security improvements.", "mozPositionIssue": 326, @@ -479,7 +479,7 @@ "ciuName": "custom-elementsv1", "description": "A way to create new HTML elements implemented through JavaScript.", "id": "custom-elements", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1438627", "mozPosition": "positive", "mozPositionDetail": "A welcome successor to XBL!", "mozPositionIssue": 60, @@ -740,7 +740,7 @@ "ciuName": "mdn-api_htmlvideoelement_requestvideoframecallback", "description": "<video>.requestVideoFrameCallback() allows web authors to be notified when a frame has been presented for composition.", "id": "requestVideoFrameCallback", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800882", "mozPosition": "positive", "mozPositionDetail": "This is intended to allow web authors to do efficient per-video-frame processing of video, such as video processing and painting to a canvas, video analysis, or synchronization with external audio sources.", "mozPositionIssue": 250, @@ -964,7 +964,7 @@ "description": "This specification extends MediaStreamTrack to let web applications provide an optional media-content hint attribute. This helps sinks like RTCPeerConnection or MediaRecorder select encoder parameters and processing algorithms appropriately based on a hint about the nature of the content being consumed without having to examine the actual content.", "id": "mst-content-hint", "mdnUrl": null, - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1831521", "mozPosition": "positive", "mozPositionDetail": "Content Hints is a welcome higher-level abstraction that does not require broad knowledge and tuning of video encoder, audio-processing, and congestion controls directly. Early concerns over lack of specificity around how hints interact with the lower-level controls they complement have been addressed.", "mozPositionIssue": 101, @@ -1088,7 +1088,7 @@ "ciuName": "background-sync", "description": "This specification describes a method that enables web applications to synchronize data in the background.", "id": "periodic-background-sync", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1547906", "mozPosition": "negative", "mozPositionDetail": "We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site. We might reconsider this position given evidence that these concerns can be safely addressed, however, addressing them for periodic background sync appears substantially harder than doing so for one-off background sync.", "mozPositionIssue": 214, @@ -1101,7 +1101,7 @@ "description": "The Permissions Standard defines common infrastructure for other specifications that need to interact with browser permissions. It also defines an API to allow web applications to query and request changes to the status of a given permission.", "id": "permissions", "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1105827", "mozPosition": "positive", "mozPositionDetail": "Mozilla believes that the ability to work with user permissions is critical for user agency. There are certain aspects of the API that are not suitable for the permissions model used in Firefox and so we would like to work on improving several aspects of the API. In particular, we think that the way that status of permissions needs to more accurately reflect the different states that exist or could exist. We also think that the interactions with Feature Policy need to be better clarified. We're committed to fixing this, because permissions has become critical in making the web a more capable platform and it is important to ensure that we preserve user control over their online experience.", "mozPositionIssue": 19, @@ -1162,7 +1162,7 @@ "description": "Specification of the Priority Hints feature.", "id": "priority-hints", "mdnUrl": null, - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1797715", "mozPosition": "positive", "mozPositionDetail": "Priority hints allow sites to provide information about how subresources on a page might be prioritized for fetching. This can allow the browser to override parts of the internal prioritization heuristics that are used for resource fetching, which could improve page load performance.", "mozPositionIssue": 606, @@ -1320,7 +1320,7 @@ "ciuName": "shadowdomv1", "description": "A way to give a node in the DOM a hidden subtree in which the children of the node can be inserted.", "id": "shadow-trees", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1438607", "mozPosition": "positive", "mozPositionDetail": "A welcome successor to XBL!", "mozPositionIssue": 60, @@ -1494,7 +1494,7 @@ "ciuName": null, "description": "In Transport Layer Security (TLS) handshakes, certificate chains often take up the majority of the bytes transmitted. This document describes how certificate chains can be compressed to reduce the amount of data transmitted and avoid some round trips.", "id": "tls-certificate-compression", - "mozBugUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548723", "mozPosition": "positive", "mozPositionDetail": "Compression of certificates should provide some performance advantages.", "mozPositionIssue": 96, From 8c29078f4bde9ddbbcde0eedde5de3cb5176a4b4 Mon Sep 17 00:00:00 2001 From: Thomas Steiner Date: Sat, 16 Sep 2023 15:42:09 +0200 Subject: [PATCH 13/44] Add spec authors to issue template --- ISSUE_TEMPLATE.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 2a868938..11d69ad3 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -2,9 +2,10 @@ ## Request for Mozilla Position on an Emerging Web Specification -* Specification Title: +* Specification title: * Specification or proposal URL (if available): -* Explainer URL (if available): +* Explainer URL (if available): +* Proposal author(s) (comma-separated GitHub accounts): * Caniuse.com URL (optional): * Bugzilla URL (optional): * Mozillians who can provide input (optional): From 23a3573bbb788f6cdc04be46f3f7d17e4f9db96a Mon Sep 17 00:00:00 2001 From: Thomas Steiner Date: Sun, 17 Sep 2023 07:36:26 +0200 Subject: [PATCH 14/44] Update ISSUE_TEMPLATE.md Co-authored-by: Martin Thomson --- ISSUE_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 11d69ad3..d4e0c8df 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -5,7 +5,7 @@ * Specification title: * Specification or proposal URL (if available): * Explainer URL (if available): -* Proposal author(s) (comma-separated GitHub accounts): +* Proposal author(s) (`@`-mention GitHub accounts): * Caniuse.com URL (optional): * Bugzilla URL (optional): * Mozillians who can provide input (optional): From 025b7d6f3c1eb6f9c110514552244662d2151eb6 Mon Sep 17 00:00:00 2001 From: Andrew Sutherland Date: Mon, 25 Sep 2023 15:02:45 -0400 Subject: [PATCH 15/44] Run `activity.py sort` (#890) I ran `./activity.py sort` before making another change and this diff resulted. --- activities.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/activities.json b/activities.json index c3ececbc..4291364e 100644 --- a/activities.json +++ b/activities.json @@ -691,7 +691,9 @@ "ciuName": null, "description": "This spec defines a signal that conveys a person's request to websites and services to not sell or share their personal information with third parties.", "id": "gpc", - "mdnUrl": ["https://developer.mozilla.org/en-US/docs/Web/API/Navigator/globalPrivacyControl"], + "mdnUrl": [ + "https://developer.mozilla.org/en-US/docs/Web/API/Navigator/globalPrivacyControl" + ], "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1848951", "mozPosition": "positive", "mozPositionDetail": "This signal defined in this specification provides users with a way to opt-out of the disclosure of their information to third parties once per profile in a way that is legally enforced in some jurisdictions, and is being considered in future regulations.", From 6603a623e1b4b0001d876d65fa695e03a4a87b58 Mon Sep 17 00:00:00 2001 From: Andrew Sutherland Date: Thu, 28 Sep 2023 22:29:51 -0400 Subject: [PATCH 16/44] URLPattern API (positive) (#893) Closes #566 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 4291364e..8a8041b0 100644 --- a/activities.json +++ b/activities.json @@ -1528,6 +1528,19 @@ "title": "Trusted Types", "url": "https://w3c.github.io/trusted-types/dist/spec/" }, + { + "ciuName": "mdn-api_urlpattern", + "description": "The URLPattern API provides a web platform primitive for matching URLs based on a convenient pattern syntax.", + "id": "urlpattern", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/URLPattern", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1731418", + "mozPosition": "positive", + "mozPositionDetail": "URLPattern is an important primitive for the evolution of ServiceWorkers through the introduction of the Static Routing API. Similar to Web Locks which evolved out of the ServiceWorkers Cache API, it is appropriate that URLPattern be distinct from the Service Workers spec and WG as it is useful in other contexts as well.", + "mozPositionIssue": 566, + "org": "Proposal", + "title": "URLPattern API", + "url": "https://wicg.github.io/urlpattern/" + }, { "ciuName": null, "description": "The QID Emoji Tag Sequences (or QID emoji, for short) have been proposed to provide a well-defined mechanism for implementations to support additional valid emoji that are not representable by Unicode characters or emoji zwj sequences. This mechanism allows for the interchange of emoji whose meaning is discoverable, and which should be correctly parsed by all conformant implementations (although only displayed by implementations that support it). The meaning of each of these valid emoji is established by reference to a Wikidata QID.", From 946426070ad91f53e699a17fed68f9600565c25d Mon Sep 17 00:00:00 2001 From: Andrew Sutherland Date: Thu, 28 Sep 2023 22:31:42 -0400 Subject: [PATCH 17/44] Service Worker Static Routing API (positive) (#894) Closes #828 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 8a8041b0..8d6fcba3 100644 --- a/activities.json +++ b/activities.json @@ -1318,6 +1318,19 @@ "title": "Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC)", "url": "https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc" }, + { + "ciuName": null, + "description": "The initial proposal allows ServiceWorkers to define routes using URLPattern to bypass the ServiceWorker, avoiding spurious ServiceWorker wake-ups and avoiding the additional latency of sending requests to the ServiceWorker that it will not handle. Longer term, the mechanism could also support consulting the Cache API without needing to wake up a ServiceWorker.", + "id": "service-worker-static-routing-api", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855580", + "mozPosition": "positive", + "mozPositionDetail": "A longstanding performance concern for ServiceWorkers and the sites using them is that there is no way to skip going to a ServiceWorker for a controlled page when there is a \"fetch\" handler present. The Static Routing API has been recognized as an ideal solution to address the problem versus other proposals like adding new attributes to HTML tags or arguments to the fetch API. The static routing API had been discussed extensively in ServiceWorker WG meetings as a reasonable option but very complex to implement and specify, which is why it was not part of the original spec. With the introduction of the URLPattern API, the Static Routing API is thankfully even easier to implement and specify. The evolutionary approach where the Static Routing API will only start with a network source that bypasses the ServiceWorker is appropriately pragmatic.", + "mozPositionIssue": 828, + "org": "Proposal", + "title": "ServiceWorker Static Routing API", + "url": "https://github.com/WICG/service-worker-static-routing-api/" + }, { "ciuName": "shadowdomv1", "description": "A way to give a node in the DOM a hidden subtree in which the children of the node can be inserted.", From f002f88d15146de6f1fd142ed6f6db5078858c87 Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Tue, 3 Oct 2023 01:21:13 +0200 Subject: [PATCH 18/44] Add UserActivation (positive) (#899) * Add UserActivation (positive) Closes #838 * Apply suggestions from code review --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 8d6fcba3..db402f70 100644 --- a/activities.json +++ b/activities.json @@ -1578,6 +1578,19 @@ "title": "User Agent Client Hints", "url": "https://wicg.github.io/ua-client-hints/" }, + { + "ciuName": null, + "description": "The UserActivation API provides the ability to query whether the window currently has or has previously had real user interaction.", + "id": "user-activation", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/UserActivation", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791079", + "mozPosition": "positive", + "mozPositionDetail": "This API exposes the sticky activation and transient activation concepts which browsers use internally for, e.g., allowing popups. These concepts are useful for web apps as well.", + "mozPositionIssue": 838, + "org": "WHATWG", + "title": "UserActivation", + "url": "https://html.spec.whatwg.org/multipage/interaction.html#the-useractivation-interface" + }, { "ciuName": "webauthn", "description": "This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.", From adf3437b944892ff5bd3d67a4a128edf005a8226 Mon Sep 17 00:00:00 2001 From: Tiaan Louw Date: Tue, 24 Oct 2023 11:06:32 +0200 Subject: [PATCH 19/44] Relative Color Syntax (positive) Closes #841 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index db402f70..4531163b 100644 --- a/activities.json +++ b/activities.json @@ -1209,6 +1209,19 @@ "title": "Raw Clipboard Access", "url": "https://github.com/WICG/raw-clipboard-access/" }, + { + "ciuName": null, + "description": "Relative color syntax (RCS) allows developers to create a range of dynamic colors, starting from a base color, that will change as the base color changes. Great for creating color palettes and schemes.", + "id": "css-relative-color-syntax", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1701488", + "mozPosition": "positive", + "mozPositionDetail": "Enables more freedom for developers to make use of the new forms and spaces introduced in CSS Color Module Level 4.", + "mozPositionIssue": 841, + "org": "W3C", + "title": "Relative color syntax (CSS Color Module Level 5)", + "url": "https://drafts.csswg.org/css-color-5/#relative-colors" + }, { "ciuName": null, "description": "A TC39 proposal to add an .at() method to all the basic indexable classes (Array, String, TypedArray) which allows relative indexing of collection.", From 9acedaa98107f251c747a2ad213ea5b358618e59 Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Tue, 24 Oct 2023 13:48:08 +0200 Subject: [PATCH 20/44] Change lazy-loading-attr to also cover iframes (#911) * Change lazy-loading-attr to also cover iframes See #840 * Apply suggestions from code review --- activities.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/activities.json b/activities.json index 4531163b..98071ddf 100644 --- a/activities.json +++ b/activities.json @@ -886,16 +886,16 @@ }, { "ciuName": "loading-lazy-attr", - "description": "Enabling images to be fetched at a later time, when the user is likely to look at them.", + "description": "Enabling images and iframes to be fetched at a later time, when the user is likely to look at them.", "id": "loading-lazy-attr", - "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-loading", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/Performance/Lazy_loading#images_and_iframes", "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542784", "mozPosition": "positive", - "mozPositionDetail": "As currently scoped in the HTML pull request this is a reasonable addition to how images are fetched. (Note that the scope on Can I use is slightly bigger. Frames are likely a reasonable addition, but have their own set of design challenges.)", + "mozPositionDetail": "As currently specified in HTML this is a reasonable addition to how images and iframes are fetched. ", "mozPositionIssue": 151, "org": "WHATWG", - "title": "Lazy loading (of images)", - "url": "https://github.com/whatwg/html/pull/3752" + "title": "Lazy loading", + "url": "https://html.spec.whatwg.org/multipage/urls-and-fetching.html#lazy-loading-attributes" }, { "ciuName": null, From f5f9bdbb1e329850ed7537aec2aecd77e6517490 Mon Sep 17 00:00:00 2001 From: Andrew Sutherland Date: Wed, 27 Sep 2023 19:44:32 -0400 Subject: [PATCH 21/44] Storage Buckets API (positive) Closes #475. --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 98071ddf..2d19dd0a 100644 --- a/activities.json +++ b/activities.json @@ -1393,6 +1393,19 @@ "title": "Storage Access API", "url": "https://github.com/privacycg/storage-access" }, + { + "ciuName": null, + "description": "The Storage Buckets API provides a way for sites to organize locally stored data into groupings called \"storage buckets\". This allows the user agent or sites to manage and delete buckets independently rather than applying the same treatment to all the data from a single origin.", + "id": "storage-buckets", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1594740", + "mozPosition": "positive", + "mozPositionDetail": "Data clearing on storage pressure is fundamentally limited by the current single \"default\" storage bucket per origin and an all-or-nothing persistent flag for that bucket. As use of ServiceWorkers continues to increase and sites store or cache more data, a primitive that makes it easier for sites to store their data more granularly and for browsers to clear it more granularly is essential, especially for devices with limited storage and/or heavy storage uses outside of the browser's own needs.", + "mozPositionIssue": 475, + "org": "Proposal", + "title": "Storage Buckets API", + "url": "https://wicg.github.io/storage-buckets/" + }, { "ciuName": "streams", "description": "This specification provides APIs for creating, composing, and consuming streams of data that map efficiently to low-level I/O primitives.", From 742589fbb05047d9aca5a46aee29665f1afbdfda Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Thu, 30 Nov 2023 13:49:57 +0100 Subject: [PATCH 22/44] Positive: Invokers Closes #902 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 2d19dd0a..cbe706cd 100644 --- a/activities.json +++ b/activities.json @@ -835,6 +835,19 @@ "title": "Incrementally Better Cookies", "url": "https://tools.ietf.org/html/draft-west-cookie-incrementalism" }, + { + "ciuName": null, + "description": "Invokers allow authors to assign behaviour to buttons in a more accessible and declarative way.", + "id": "invokers", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1856430", + "mozPosition": "positive", + "mozPositionDetail": "This proposal reduces the need for JavaScript for pages to build interactive elements. Using invokers is more likely to result in good accessibility and device-independence than existing methods.", + "mozPositionIssue": 902, + "org": "WHATWG", + "title": "Invokers", + "url": "https://github.com/whatwg/html/pull/9841" + }, { "ciuName": "jpegxl", "description": "The JPEG XL Image Coding System (ISO/IEC 18181) has a rich feature set and is particularly optimised for responsive web environments, so that content renders well on a wide range of devices. Moreover, it includes several features that help transition from the legacy JPEG format.", From 05e0206aa319ecac12ed2be2b2a50a8ed171e74c Mon Sep 17 00:00:00 2001 From: Frederik Braun Date: Wed, 13 Dec 2023 22:59:38 +0100 Subject: [PATCH 23/44] Update standards position on Trusted Types - fixes #20 (#936) * Update standards position on Trusted Types - fixes #20 * Update activities.json Co-authored-by: Martin Thomson --------- Co-authored-by: Frederik Braun Co-authored-by: Martin Thomson --- activities.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/activities.json b/activities.json index cbe706cd..708acfd2 100644 --- a/activities.json +++ b/activities.json @@ -1573,8 +1573,8 @@ "description": "An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.", "id": "trusted-types", "mozBugUrl": null, - "mozPosition": "neutral", - "mozPositionDetail": "The API could be used to harden sites against certain cross-site scripting issues, but it is sufficiently complex that we are concerned that it will not be suitable for many sites.", + "mozPosition": "positive", + "mozPositionDetail": "Mozilla believes that preventing DOM-based XSS is an important security goal. The track record of preventing DOM-based XSS is convincing. Dealing with inscrutable third-party dependencies or external JavaScript has been a major concern of security and enforcing reasonable boundaries is a promising approach. We have some reservations about some features in the Chromium implementation, which need to be validated and standardized or removed.", "mozPositionIssue": 20, "org": "W3C", "title": "Trusted Types", From 2f98426a42bbf13c99e46226c253f85d4e733203 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 14 Dec 2023 22:24:33 +1100 Subject: [PATCH 24/44] Update actions; cache pip (#940) --- .github/workflows/validate.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 510c165c..21f1e31e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -11,7 +11,9 @@ jobs: name: Build runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + cache: pip - run: pip install -r requirements.txt - run: python ./activities.py validate From c45dfd8cc957d9771e2f7048dadcc449c9cdb5a8 Mon Sep 17 00:00:00 2001 From: Ryan Hunt Date: Tue, 2 Jan 2024 15:27:21 -0600 Subject: [PATCH 25/44] WebAssembly JS Promise Integration (positive) Fixes #944. --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 708acfd2..153a36b6 100644 --- a/activities.json +++ b/activities.json @@ -1793,6 +1793,19 @@ "title": "WebAssembly Exception Handling", "url": "https://github.com/webassembly/exception-handling/" }, + { + "ciuName": null, + "description": "", + "id": "wasm-js-promise-integration", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850627", + "mozPosition": "positive", + "mozPositionDetail": "Addresses a major paint point for developers porting existing applications that assume synchronous I/O to the web.", + "mozPositionIssue": 944, + "org": "Proposal", + "title": "WebAssembly JS Promise Integration", + "url": "https://github.com/WebAssembly/js-promise-integration/" + }, { "ciuName": null, "description": "128-bit vector data type and operations for webassembly", From b9dbf59a986cd219097c8cbccc75cff224f6a866 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 9 Jan 2024 02:41:11 +1100 Subject: [PATCH 26/44] Run pre-commit using a python venv This ensures that you don't need to rely on the environment quite so much. Also: Add .gitignore for venv dir --- .gitignore | 3 +++ pre-commit | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..bb03f1e9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.swp +*~ +/venv/ diff --git a/pre-commit b/pre-commit index 6f728692..f292f581 100755 --- a/pre-commit +++ b/pre-commit @@ -7,6 +7,7 @@ # $ ln -s ../../hooks/pre-commit .git/pre-commit root="$(git rev-parse --show-toplevel 2>/dev/null)" +venv="$root/venv" # Some sanity checking. hash python3 || exit 1 @@ -17,7 +18,7 @@ if [[ "$1" == "install" ]]; then hook="$root"/.git/hooks/pre-commit if [[ -e "$hook" ]]; then echo "Hook already installed:" - ls -l "$hook" + ls -l "$hook" else ln -s ../../pre-commit "$hook" echo "Installed git pre-commit hook at $hook" @@ -25,6 +26,19 @@ if [[ "$1" == "install" ]]; then exit fi +# venv setup +if [ ! -d "$venv" ]; then + echo "Setting up python venv" + python3 -m venv "$venv" + source "$venv/bin/activate" + pip3 install -r requirements.txt +elif [ requirements.txt -nt "$venv" ]; then + source "$venv/bin/activate" + pip3 install --upgrade --upgrade-stategy eager -r requirements.txt +else + source "$venv/bin/activate" +fi + exec 1>&2 # Perform validation. From b8886b77aae7d3443de5ccb685a2b4e6a8876c95 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Mon, 8 Jan 2024 12:36:46 +1100 Subject: [PATCH 27/44] Update IETF URLs I will admit to not having completely tested all of the combinations here, but the changes here were a great help to me when building the last pull request. --- activities.json | 32 ++++++------- activities.py | 118 +++++++++++++++++++++++++++++++++--------------- 2 files changed, 97 insertions(+), 53 deletions(-) diff --git a/activities.json b/activities.json index 153a36b6..dcff569f 100644 --- a/activities.json +++ b/activities.json @@ -57,7 +57,7 @@ "mozPositionIssue": 134, "org": "IETF", "title": "An HTTP Status Code for Indicating Hints (103)", - "url": "https://tools.ietf.org/html/rfc8297" + "url": "https://datatracker.ietf.org/doc/html/rfc8297" }, { "ciuName": null, @@ -142,7 +142,7 @@ "mozPositionIssue": 264, "org": "Proposal", "title": "Bundled HTTP Exchanges", - "url": "https://tools.ietf.org/html/draft-yasskin-wpack-bundled-exchanges" + "url": "https://datatracker.ietf.org/doc/html/draft-yasskin-wpack-bundled-exchanges" }, { "ciuName": "streams", @@ -328,7 +328,7 @@ "mozPositionIssue": 131, "org": "IETF", "title": "Cache Digests for HTTP/2", - "url": "https://tools.ietf.org/html/draft-ietf-httpbis-cache-digest" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cache-digest" }, { "ciuName": null, @@ -534,7 +534,7 @@ "mozPositionIssue": 139, "org": "IETF", "title": "Encrypted Server Name Indication for TLS 1.3", - "url": "https://tools.ietf.org/html/draft-ietf-tls-esni" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni" }, { "ciuName": null, @@ -760,7 +760,7 @@ "mozPositionIssue": 144, "org": "Proposal", "title": "HTTP Cache-Control Extensions for Stale Content", - "url": "https://tools.ietf.org/html/rfc5861" + "url": "https://datatracker.ietf.org/doc/html/rfc5861" }, { "ciuName": "client-hints-dpr-width-viewport", @@ -773,7 +773,7 @@ "mozPositionIssue": 79, "org": "IETF", "title": "HTTP Client Hints", - "url": "https://tools.ietf.org/html/draft-ietf-httpbis-client-hints" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-client-hints" }, { "ciuName": null, @@ -833,7 +833,7 @@ "mozPositionIssue": 260, "org": "Proposal", "title": "Incrementally Better Cookies", - "url": "https://tools.ietf.org/html/draft-west-cookie-incrementalism" + "url": "https://datatracker.ietf.org/doc/html/draft-west-cookie-incrementalism" }, { "ciuName": null, @@ -920,7 +920,7 @@ "mozPositionIssue": 121, "org": "IETF", "title": "Let 'localhost' be localhost.", - "url": "https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost" }, { "ciuName": null, @@ -1318,7 +1318,7 @@ "mozPositionIssue": 175, "org": "IETF", "title": "Secondary Certificate Authentication in HTTP/2", - "url": "https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-secondary-certs" }, { "ciuName": "mdn-api_serial", @@ -1342,7 +1342,7 @@ "mozPositionIssue": 208, "org": "IETF", "title": "Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC)", - "url": "https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-httpssvc" }, { "ciuName": null, @@ -1392,7 +1392,7 @@ "mozPositionIssue": 29, "org": "Proposal", "title": "Signed HTTP Exchanges", - "url": "https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses" + "url": "https://datatracker.ietf.org/doc/html/draft-yasskin-http-origin-signed-responses" }, { "ciuName": "", @@ -1442,7 +1442,7 @@ "mozPositionIssue": 256, "org": "IETF", "title": "Structured Headers for HTTP", - "url": "https://tools.ietf.org/html/draft-ietf-httpbis-header-structure" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-header-structure" }, { "ciuName": null, @@ -1505,7 +1505,7 @@ "mozPositionIssue": 261, "org": "Proposal", "title": "The Privacy Pass Protocol", - "url": "https://tools.ietf.org/html/draft-privacy-pass" + "url": "https://datatracker.ietf.org/doc/html/draft-privacy-pass" }, { "ciuName": null, @@ -1530,7 +1530,7 @@ "mozPositionIssue": 167, "org": "Proposal", "title": "The WebTransport Protocol Framework", - "url": "https://tools.ietf.org/html/draft-ietf-webtrans-overview" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-webtrans-overview" }, { "ciuName": "mdn-javascript_operators_await_top_level", @@ -1554,7 +1554,7 @@ "mozPositionIssue": 96, "org": "IETF", "title": "Transport Layer Security (TLS) Certificate Compression", - "url": "https://tools.ietf.org/html/draft-ietf-tls-certificate-compression" + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression" }, { "ciuName": null, @@ -1930,7 +1930,7 @@ "mozPositionIssue": 105, "org": "IETF", "title": "Zstandard Compression and the application/zstd Media Type", - "url": "https://tools.ietf.org/html/rfc8478" + "url": "https://datatracker.ietf.org/doc/html/rfc8478" }, { "ciuName": "dialog", diff --git a/activities.py b/activities.py index b45c323d..9f290cfe 100755 --- a/activities.py +++ b/activities.py @@ -27,7 +27,9 @@ from requests.auth import HTTPBasicAuth except ImportError: sys.stderr.write("ERROR: Dependency not available. Try:\n") - sys.stderr.write(" > pip3 install --user beautifulsoup4 requests html5lib\n\n") + sys.stderr.write( + " > pip3 install --user beautifulsoup4 requests html5lib\n\n" + ) sys.exit(1) @@ -44,16 +46,18 @@ class IdType(object): "indicates an ID attribute." pass + class UrlType(object): "indicates a URL." pass + class UrlArrayType(object): "indicates a URL or array of URLs." pass -StringType = type(u"") +StringType = type("") ArrayType = type([]) @@ -67,7 +71,11 @@ class ActivitiesJson(object): ("title", True, StringType), ("description", True, StringType), ("ciuName", False, StringType), - ("org", True, ["W3C", "IETF", "Ecma", "WHATWG", "Unicode", "Proposal", "Other"]), + ( + "org", + True, + ["W3C", "IETF", "Ecma", "WHATWG", "Unicode", "Proposal", "Other"], + ), ("group", False, StringType), ("url", True, UrlType), ("mdnUrl", False, UrlArrayType), @@ -134,7 +142,9 @@ def entry_unique(self, spec_entry): ["%s already contains id %s" % (self.filename, entry["id"])] ) if entry["url"] in [e["url"] for e in self.data]: - raise ValueError(["%s already contains url %s" % (self.filename, entry["url"])]) + raise ValueError( + ["%s already contains url %s" % (self.filename, entry["url"])] + ) def validate(self, check_sorting): """ @@ -161,7 +171,11 @@ def validate(self, check_sorting): # Check that the entries are sorted by title, as save writes them. if check_sorting and prevTitle is not None and prevTitle > title: - errors.append("{} is sorted incorrectly based on its title (it should not be after {})".format(title, prevTitle)) + errors.append( + "{} is sorted incorrectly based on its title (it should not be after {})".format( + title, prevTitle + ) + ) prevTitle = title return errors @@ -174,7 +188,7 @@ def validate_entry(self, entry, title=None, is_adding=False): if not title: title = "Entry" errors = [] - for (name, required, value_type) in self.expected_entry_items: + for name, required, value_type in self.expected_entry_items: entry_value = entry.get(name, None) if required and not is_adding and entry_value is None: errors.append("%s doesn't have required member %s" % (title, name)) @@ -185,25 +199,33 @@ def validate_entry(self, entry, title=None, is_adding=False): if isinstance(entry_value, StringType): for char in entry_value: if char in string.whitespace: - errors.append("%s's %s contains whitespace" % (title, name)) + errors.append( + "%s's %s contains whitespace" % (title, name) + ) else: errors.append("%s's %s isn't a string." % (title, name)) elif value_type == UrlType: if isinstance(entry_value, StringType): - pass # FIXME: validate URL more? + pass # FIXME: validate URL more? else: errors.append("%s's %s isn't a URL string." % (title, name)) elif value_type == UrlArrayType: if isinstance(entry_value, StringType): - pass # FIXME: validate URL more? + pass # FIXME: validate URL more? elif isinstance(entry_value, ArrayType): for url in entry_value: if isinstance(url, StringType): - pass # FIXME: validate URL more? + pass # FIXME: validate URL more? else: - errors.append("%s's %s isn't a URL string or array of them." % (title, name)) + errors.append( + "%s's %s isn't a URL string or array of them." + % (title, name) + ) else: - errors.append("%s's %s isn't a URL string or array of them." % (title, name)) + errors.append( + "%s's %s isn't a URL string or array of them." + % (title, name) + ) elif isinstance(value_type, type): if not isinstance(entry_value, value_type): errors.append("%s's %s isn't a %s" % (title, name, value_type)) @@ -237,7 +259,7 @@ class SpecEntry(object): def __init__(self, spec_url): self.orig_url = spec_url self.data = { - "id": u"", + "id": "", "title": "", "description": None, "ciuName": None, @@ -246,7 +268,7 @@ def __init__(self, spec_url): "mdnUrl": None, "mozBugUrl": None, "mozPositionIssue": None, - "mozPosition": u"under consideration", + "mozPosition": "under consideration", "mozPositionDetail": None, } self.parser = None @@ -269,7 +291,8 @@ def figure_out_org(self): self.parser = WHATWGParser else: sys.stderr.write( - "* ERROR: Can't figure out what organisation %s belongs to! Using Proposal.\n" % host + "* ERROR: Can't figure out what organisation %s belongs to! Using Proposal.\n" + % host ) def fetch_spec_data(self, url): @@ -288,7 +311,7 @@ def fetch_spec_data(self, url): try: spec_data = self.parser().parse(soup, url) except BetterUrl as why: - new_url = why[0] + new_url = str(why) sys.stderr.write("* Trying <%s>...\n" % new_url) spec_data = self.fetch_spec_data(new_url) except FetchError: @@ -438,10 +461,12 @@ def parse(self, spec, url_string): sys.exit(1) return data + class W3CCGParser(W3CParser): "Parser for W3C community group specs" org = "Proposal" + class WHATWGParser(W3CParser): "Parser for WHATWG specs" org = "WHATWG" @@ -456,16 +481,20 @@ def get_meta(self, spec, names): Takes a list of names that are tried in sequence; if none are present, None is returned. """ - try: - name = names.pop(0) - except IndexError: - return None - try: - return spec.head.find("meta", attrs={"name": name})["content"].replace( - "\n", " " - ) - except (TypeError, AttributeError): - return self.get_meta(spec, names) + for name in names: + try: + return spec.head.find("meta", attrs={"name": name})["content"].replace( + "\n", " " + ) + except (TypeError, AttributeError): + pass + try: + return spec.head.find("meta", attrs={"property": name})[ + "content" + ].replace("\n", " ") + except (TypeError, AttributeError): + pass + return None def parse(self, spec, url_string): url = urlsplit(url_string) @@ -482,16 +511,15 @@ def parse(self, spec, url_string): self.html_url("rfc%s" % identifier.rsplit(":", 1)[1]) ) draft_name, draft_number = self.parse_draft_name(path_components[-1]) - if draft_number: - raise BetterUrl(self.html_url(draft_name)) + raise BetterUrl(self.html_url(draft_name)) elif path_components[1] in ["id", "pdf"]: raise BetterUrl(self.html_url(path_components[2])) else: raise FetchError("I don't think that's a specification.") elif url.netloc.lower() == "www.ietf.org" and path_components[1] == "id": - if path_components[1] in ["id", "pdf"]: + if path_components[1] in ["archive", "id", "pdf"]: try: - draft_name = path_components[2].rsplit(".", 1)[0] + draft_name = path_components[-1].rsplit(".", 1)[0] except ValueError: draft_name = path_components[2] draft_name = self.parse_draft_name(draft_name)[0] @@ -500,18 +528,34 @@ def parse(self, spec, url_string): raise FetchError("I don't think that's a specification.") elif url.netloc.lower() == "datatracker.ietf.org": if path_components[1] == "doc": - raise BetterUrl(self.html_url(path_components[2])) + draft_name, draft_number = self.parse_draft_name(path_components[-1]) + if draft_number or path_components[2] != "html": + raise BetterUrl(self.html_url(draft_name)) + elif path_components[1] in ["archive", "id", "pdf"]: + raise BetterUrl(self.html_url(path_components[-1])) else: raise FetchError("I don't think that's a specification.") data = {} - data["title"] = self.get_meta(spec, ["DC.Title"]) or spec.head.title.string + data["title"] = self.get_meta( + spec, ["og:title", "DC.Title"] + ) or spec.head.title.string.replace("\n", " ") data["description"] = ( self.get_meta( - spec, ["description", "dcterms.abstract", "DC.Description.Abstract"] + spec, + [ + "og:description", + "description", + "dcterms.abstract", + "DC.Description.Abstract", + ], ) or "" ) - is_ietf = draft_name.startswith("rfc") or draft_name.startswith("draft-ietf-") or draft_name.startswith("draft-irtf-") + is_ietf = ( + draft_name.startswith("rfc") + or draft_name.startswith("draft-ietf-") + or draft_name.startswith("draft-irtf-") + ) data["org"] = self.org = "IETF" if is_ietf else "Proposal" data["url"] = self.clean_url(url_string) return data @@ -530,8 +574,8 @@ def parse_draft_name(instr): @staticmethod def html_url(doc_name): "Return the canonical URL for a document name." - path = "/".join(["html", doc_name]) - return urlunsplit(["https", "tools.ietf.org", path, "", ""]) + path = "/".join(["doc", "html", doc_name]) + return urlunsplit(["https", "datatracker.ietf.org", path, "", ""]) # Map of URL hostnames to org-specific parsers. @@ -591,7 +635,7 @@ def usage(): if VERB in ["validate", "add", "sort"]: ACTIVITIES = ActivitiesJson("activities.json") - ERRORS = ACTIVITIES.validate(check_sorting = (VERB != "sort")) + ERRORS = ACTIVITIES.validate(check_sorting=(VERB != "sort")) if ERRORS: sys.stderr.write("\n".join(["* ERROR: %s" % E for E in ERRORS]) + "\n") sys.exit(1) From 3ed3f7dbf9191b7bfe1570cb8add2c0cbb8eaebe Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 9 Jan 2024 20:11:32 +1100 Subject: [PATCH 28/44] Privacy Pass (#958) * Privacy Pass positions 1. Remove the position on privacy pass as a whole 2. Update the Private State Token (formerly Trust Token; Google) position to reflect conclusions 3. Add a position on Private Access Tokens (Apple) Closes #261. Closes #262. Closes #954. * Fixup duplicate --- activities.json | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/activities.json b/activities.json index dcff569f..ce3e5fc2 100644 --- a/activities.json +++ b/activities.json @@ -1185,6 +1185,19 @@ "title": "Priority Hints", "url": "https://wicg.github.io/priority-hints/" }, + { + "ciuName": null, + "description": "Private Access Tokens is the name given to the integration of Privacy Pass mechanism into Apple's networking stack.", + "id": "private-access-tokens", + "mdnUrl": null, + "mozBugUrl": null, + "mozPosition": "negative", + "mozPositionDetail": "This application of Privacy Pass fairly closely follows the IETF specification, but the integration with the Web means that the effect is of a proprietary deployment. A number of considerations relevant to use on the Web have not been adequately addressed in the deployment.", + "mozPositionIssue": 954, + "org": "Proposal", + "title": "Private Access Tokens", + "url": "https://datatracker.ietf.org/doc/html/draft-ietf-privacypass-auth-scheme" + }, { "ciuName": null, "description": "This specification defines a privacy preserving way to attribute a conversion, such as a purchase or a sign-up, to a previous ad click.", @@ -1210,6 +1223,18 @@ "title": "Private Network Access", "url": "https://wicg.github.io/private-network-access/" }, + { + "ciuName": null, + "description": "The Private State Token API is a web platform API that allows propagating a limited amount of signals across sites, using the Privacy Pass protocol as an underlying primitive.", + "id": "private-state-token", + "mozBugUrl": null, + "mozPosition": "negative", + "mozPositionDetail": "Private State Tokens provides sites with the means to exchange information about visitors, using Privacy Pass to ensure that there are very tight bounds on the rate of information transfer. We conclude that the usage constraints in the design are insufficient to effectively safeguard privacy.", + "mozPositionIssue": 262, + "org": "Proposal", + "title": "Private State Token API", + "url": "https://github.com/WICG/trust-token-api/blob/master/README.md" + }, { "ciuName": null, "description": "Powerful web applications would like to exchange data with native applications via the OS clipboard (copy-paste). The existing Web Platform has a high-level API that supports the most popular standardized data types (text, image, rich text) across all platforms. However, this API does not scale to the long tail of specialized formats. In particular, non-web-standard formats like TIFF (a large image format), and proprietary formats like .docx (a document format), are not supported by the current Web Platform. Raw Clipboard Access aims to provide a low-level API solution to this problem, by implementing copying and pasting of data with any arbitrary Clipboard type, without encoding and decoding.", @@ -1495,18 +1520,6 @@ "title": "The Popover API", "url": "https://github.com/whatwg/html/pull/8221" }, - { - "ciuName": null, - "description": "This document specifies the Privacy Pass protocol for anonymously authorizing clients with services on the Internet. Note to Readers Source for this draft and an issue tracker can be found at https://github.com/grittygrease/draft-privacy-pass [1].", - "id": "privacy-pass", - "mozBugUrl": null, - "mozPosition": "defer", - "mozPositionDetail": "This protocol provides a way to achieve certain important goals, such as denial of service mitigation, without also creating tracking mechanisms. As such, we are very supportive of the goal. However, we will defer making a firm position until the protocol and the novel cryptographic primitives it relies on have had more thorough security analysis.", - "mozPositionIssue": 261, - "org": "Proposal", - "title": "The Privacy Pass Protocol", - "url": "https://datatracker.ietf.org/doc/html/draft-privacy-pass" - }, { "ciuName": null, "description": "The goal of the Topics API is to provide callers with coarse-grained advertising topics that the page visitor might currently be interested in.", @@ -1556,18 +1569,6 @@ "title": "Transport Layer Security (TLS) Certificate Compression", "url": "https://datatracker.ietf.org/doc/html/draft-ietf-tls-certificate-compression" }, - { - "ciuName": null, - "description": "This document is an explainer for a potential future web platform API that allows propagating trust across sites, using the Privacy Pass protocol as an underlying primitive.", - "id": "trust-token", - "mozBugUrl": null, - "mozPosition": "defer", - "mozPositionDetail": "This API depends on the Privacy Pass protocol, for which we have deferred our position statement.", - "mozPositionIssue": 262, - "org": "Proposal", - "title": "Trust Token API", - "url": "https://github.com/WICG/trust-token-api/blob/master/README.md" - }, { "ciuName": "trusted-types", "description": "An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.", From 5e6937f1e68adac03628f2df80b9490b31cf45d6 Mon Sep 17 00:00:00 2001 From: Brian Grinstead Date: Wed, 10 Jan 2024 12:49:19 -0800 Subject: [PATCH 29/44] Update Serial position (#959) --- activities.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/activities.json b/activities.json index ce3e5fc2..263eec36 100644 --- a/activities.json +++ b/activities.json @@ -1350,11 +1350,11 @@ "description": "The Serial API provides a way for websites to read and write from a serial device through script. Such an API would bridge the web and the physical world, by allowing documents to communicate with devices such as microcontrollers, 3D printers, and other serial devices. There is also a companion explainer document.", "id": "webserial", "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=webserial", - "mozPosition": "negative", - "mozPositionDetail": "Devices that offer serial interfaces often expose powerful, low-level functions over the interface with little or no authentication. Exposing that sort of capability to the web without adequate safeguards presents a significant threat to those devices.", + "mozPosition": "neutral", + "mozPositionDetail": "Devices that offer serial interfaces often expose powerful, low-level functions over the interface with little or no authentication. Exposing that sort of capability to the web without adequate safeguards presents a significant threat to those devices. A user deliberately installing a site-specific add-on may be adequate, given sufficiently understandable consent copy.", "mozPositionIssue": 336, "org": "Proposal", - "title": "Serial API", + "title": "Serial API (Add-On Gated)", "url": "https://wicg.github.io/serial" }, { From ed9824ddba9f67b83619f5c469aa80fd3ad0524b Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Wed, 10 Jan 2024 17:34:45 -0500 Subject: [PATCH 30/44] s/webrtc-insertable-streams/webrtc-encoded-transform/ fixes broken link (#960) --- activities.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/activities.json b/activities.json index 263eec36..0daa02cc 100644 --- a/activities.json +++ b/activities.json @@ -1848,16 +1848,16 @@ }, { "ciuName": null, - "description": "This API defines an API surface for manipulating the bits on MediaStreamTracks being sent via an RTCPeerConnection.", - "id": "webrtc-insertable-streams", + "description": "This API defines an API surface for manipulating the encoded bits of MediaStreamTracks being sent via an RTCPeerConnection.", + "id": "webrtc-encoded-transform", "mdnUrl": null, "mozBugUrl": null, "mozPosition": "positive", "mozPositionDetail": "This approach provides sites a way to offer a form of end-to-end protection for media, especially in those very common cases where media for group sessions is managed by a central service. The proposed API, together with the SFrame proposal, provides sites the ability to limit the information that is exposed to the central service. Mozilla would prefer to include better key management than this approach proposes, perhaps using MLS, which might guarantee certain security and privacy gains for users. However, we recognize that this is not yet feasible and this API can provide security and privacy gains if carefully applied by sites.", "mozPositionIssue": 330, "org": "W3C", - "title": "WebRTC Insertable Media using Streams", - "url": "https://w3c.github.io/webrtc-insertable-streams/" + "title": "WebRTC Encoded Transform", + "url": "https://w3c.github.io/webrtc-encoded-transform/" }, { "ciuName": "", From b7665ebc25a0a2c27422db149b40533b37de7c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20Z=C3=BChlcke?= Date: Tue, 16 Jan 2024 23:17:45 +0100 Subject: [PATCH 31/44] Add position on Bounce Tracking Mitigations (#961) * Add position on Bounce Tracking Mitigations * Added comment on cross-browser alignment. * Wording tweak driving implies more force than really exists --------- Co-authored-by: Martin Thomson --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 0daa02cc..fc88cdac 100644 --- a/activities.json +++ b/activities.json @@ -132,6 +132,19 @@ "title": "BigInt", "url": "https://tc39.github.io/proposal-bigint/" }, + { + "ciuName": null, + "description": "This specification defines navigational tracking and when and how browsers are required to prevent it from happening.", + "id": "bounce-tracking-mitigations", + "mdnUrl": null, + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839915", + "mozPosition": "positive", + "mozPositionDetail": "With 3rd-party cookies being restricted by default in all major browsers, navigational tracking plays an increasingly important role on the web. This spec describes an effective cross-browser mechanism to combat bounce tracking, which does not rely on tracker lists. It provides predictable detection heuristics for web developers and preserves legitimate uses of short-lived redirects where possible. While browsers already ship similar protections, e.g. Firefox's tracker purging, aligning on common behavior improves web compatibility and encourages site developers to use specialized APIs, rather than relying on top level redirects for functionality.", + "mozPositionIssue": 835, + "org": "Proposal", + "title": "Bounce Tracking Mitigations", + "url": "https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations" + }, { "ciuName": null, "description": "Bundled exchanges provide a way to bundle up groups of HTTP request+response pairs to transmit or store them together. They can include multiple top-level resources with one identified as the default by a manifest, provide random access to their component exchanges, and efficiently store 8-bit resources.", From 226a79da62f52942afd0cff34f5715c8b6c1e42e Mon Sep 17 00:00:00 2001 From: Sean Feng Date: Tue, 16 Jan 2024 17:36:07 -0500 Subject: [PATCH 32/44] Positive: Long Animation Frame API (#962) closes: #929 --- activities.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/activities.json b/activities.json index fc88cdac..75ff1234 100644 --- a/activities.json +++ b/activities.json @@ -935,6 +935,18 @@ "title": "Let 'localhost' be localhost.", "url": "https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost" }, + { + "ciuName": null, + "description": "This specification defines APIs for reporting information for frames that take a long time to render.", + "id": "long-animation-frame-api", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1734997", + "mozPosition": "positive", + "mozPositionDetail": "This feature allows web developers to measure frame congestion and jank, and has a correlation with how user perceive this type of congestion. Web developers can use this API to improve the perceived performance of their pages.", + "mozPositionIssue": 929, + "org": "Proposal", + "title": "Long Animation Frame API", + "url": "https://w3c.github.io/longtasks/#sec-loaf-timing" + }, { "ciuName": null, "description": "This describes APIs for TCP and UDP communication with arbitrary hosts", From 29cb03af5585572ba8a1ea2a3800e4df3f3addd0 Mon Sep 17 00:00:00 2001 From: Sean Feng Date: Wed, 17 Jan 2024 09:13:37 -0500 Subject: [PATCH 33/44] Correct the bug url for Long Animation Frame API --- activities.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/activities.json b/activities.json index 75ff1234..81f7ad38 100644 --- a/activities.json +++ b/activities.json @@ -939,7 +939,7 @@ "ciuName": null, "description": "This specification defines APIs for reporting information for frames that take a long time to render.", "id": "long-animation-frame-api", - "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1734997", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1348405", "mozPosition": "positive", "mozPositionDetail": "This feature allows web developers to measure frame congestion and jank, and has a correlation with how user perceive this type of congestion. Web developers can use this API to improve the perceived performance of their pages.", "mozPositionIssue": 929, From 225093b11dc0c0f5eb8f89efa01b63e152367586 Mon Sep 17 00:00:00 2001 From: jfkthame Date: Mon, 29 Jan 2024 14:55:17 +0000 Subject: [PATCH 34/44] Add CSS widows & orphans (positive) Closes #972 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 81f7ad38..f9d7e865 100644 --- a/activities.json +++ b/activities.json @@ -207,6 +207,19 @@ "title": "CSS Container Queries", "url": "https://drafts.csswg.org/css-contain-3/#container-queries" }, + { + "ciuName": "css-widows-orphans", + "description": "These CSS properties provide control over typographic widows and orphans during fragmentation/pagination.", + "id": "widows-orphans", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/widows", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=137367", + "mozPosition": "positive", + "mozPositionDetail": null, + "mozPositionIssue": 972, + "org": "W3C", + "title": "CSS Fragmentation Module Level 3: 3.3 Breaks Between Lines: orphans, widows", + "url": "https://drafts.csswg.org/css-break/#widows-orphans" + }, { "ciuName": "css-subgrid", "description": "This draft defines additions to CSS Grid, primarily for the subgrid feature.", From 275f92cb8b0f3d0cbc97fc1ed9d42b0320e207b8 Mon Sep 17 00:00:00 2001 From: Simon Pieters Date: Thu, 1 Feb 2024 04:17:08 +0100 Subject: [PATCH 35/44] Add Scroll-driven animations (positive) (#978) * Add Scroll-driven animations (positive) Closes #347 * Apply suggestions from code review --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index f9d7e865..3a25cb6e 100644 --- a/activities.json +++ b/activities.json @@ -1371,6 +1371,19 @@ "title": "Screen Wake Lock API", "url": "https://w3c.github.io/wake-lock/" }, + { + "ciuName": null, + "description": "Defines CSS properties and an API for creating animations that are tied to the scroll offset of a scroll container.", + "id": "scroll-animations", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_scroll-driven_animations", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1676780", + "mozPosition": "positive", + "mozPositionDetail": "Animations linked to scrolling is desired for some web applications or web sites. A declarative solution allows for better user control and should be easier to use for web developers.", + "mozPositionIssue": 347, + "org": "W3C", + "title": "Scroll-driven Animations", + "url": "https://drafts.csswg.org/scroll-animations-1/" + }, { "ciuName": null, "description": "A use of TLS Exported Authenticators is described which enables HTTP/2 clients and servers to offer additional certificate-based credentials after the connection is established. The means by which these credentials are used with requests is defined.", From 59e2ccac51587c19e4d145c6976fdeb4bf476c04 Mon Sep 17 00:00:00 2001 From: dshin-moz <102040459+dshin-moz@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:20:57 -0500 Subject: [PATCH 36/44] Add CSS Scoped Styles (positive) Closes #472. --- activities.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/activities.json b/activities.json index 3a25cb6e..b235f7fc 100644 --- a/activities.json +++ b/activities.json @@ -294,6 +294,18 @@ "title": "CSS Properties and Values API: @property", "url": "https://drafts.css-houdini.org/css-properties-values-api-1#at-property-rule" }, + { + "ciuName": "css-cascade-scope", + "description": "@scope rule allows targeting CSS rules to subtree or fragment of a document.", + "id": "at-scope", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=%40scope", + "mozPosition": "positive", + "mozPositionDetail": "Scoped styles allow authors to precisely control upper- and lower-bounds of where CSS rules, without having to add many attributes on DOM elements. However, there is a risk of performance degradation that will have to be answered with implementation experience.", + "mozPositionIssue": 472, + "org": "W3C", + "title": "CSS Scoped Styles", + "url": "https://drafts.csswg.org/css-cascade-6/#scoped-styles" + }, { "ciuName": null, "description": "This specification defines the ::part() and ::theme() pseudo-elements on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.", From 11b67dded05ddaecff83bcaf1fc9101f91f43825 Mon Sep 17 00:00:00 2001 From: James Teh Date: Wed, 7 Feb 2024 18:35:41 +1000 Subject: [PATCH 37/44] Add position on ARIA Element Reflection. (#983) Closes #200. --- activities.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/activities.json b/activities.json index b235f7fc..bafbdad7 100644 --- a/activities.json +++ b/activities.json @@ -35,6 +35,18 @@ "title": "ARIA Annotations", "url": "https://github.com/aleventhal/aria-annotations" }, + { + "ciuName": null, + "description": "This will allow ARIA relationship attributes to be set more easily via JavaScript, and in particular will allow setting ARIA relationship attributes which work across Shadow DOM boundaries (with limitations).", + "id": "aria-element-reflection", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1769586", + "mozPosition": "positive", + "mozPositionDetail": "This is an important piece in making web components accessible. While this unfortunately does not address all of the use cases for ARIA references across shadow roots and it cannot be used declaratively, there is no other single alternative which solves these problems in a reasonable, ergonomic way.", + "mozPositionIssue": 200, + "org": "W3C", + "title": "ARIA Element Reflection", + "url": "https://w3c.github.io/aria/#ARIAMixin" + }, { "ciuName": null, "description": "This document describes an API providing access to accelerated shape detectors (e.g. human faces) for still images and/or live image feeds.", From 28cbce982faebde0329c623266b59d7de0ed4d2f Mon Sep 17 00:00:00 2001 From: Henri Sivonen Date: Fri, 16 Feb 2024 00:24:03 +0200 Subject: [PATCH 38/44] Add Locale Extensions (negative) (#985) Closes #844 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index bafbdad7..11f0a645 100644 --- a/activities.json +++ b/activities.json @@ -972,6 +972,19 @@ "title": "Let 'localhost' be localhost.", "url": "https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost" }, + { + "ciuName": null, + "description": "Exposes to the Web user preferences for hour cycle, first day of week, temperature unit, numbering system, and calendar system overriding values implied by language-region pair", + "id": "locale-extensions", + "mdnUrl": null, + "mozBugUrl": null, + "mozPosition": "negative", + "mozPositionDetail": "Use cases have legitimacy, but they don't seem strong enough to justify the additional fingerprinting surface. Addressing fingerprinting, if even possible, would likely to involve disproportionate design, engineering, and UI surface relative to the utility.", + "mozPositionIssue": 844, + "org": "Proposal", + "title": "Locale Extensions", + "url": "https://github.com/ben-allen/locale-extensions/" + }, { "ciuName": null, "description": "This specification defines APIs for reporting information for frames that take a long time to render.", From 71664588aadcf607f95017dc8ed19817673f2961 Mon Sep 17 00:00:00 2001 From: dshin-moz <102040459+dshin-moz@users.noreply.github.com> Date: Tue, 20 Feb 2024 10:24:30 -0500 Subject: [PATCH 39/44] :has() selector (Positive) Closes #528 --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 11f0a645..0a7c538c 100644 --- a/activities.json +++ b/activities.json @@ -306,6 +306,19 @@ "title": "CSS Properties and Values API: @property", "url": "https://drafts.css-houdini.org/css-properties-values-api-1#at-property-rule" }, + { + "ciuName": "css-has", + "description": ":has selector lets authors select elements that anchor at least one element that matches its inner relative selector.", + "id": "css-has-selector", + "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/:has", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=has-pseudo", + "mozPosition": "positive", + "mozPositionDetail": "We recognize that :has is something that a lot of people want. That power does come with performance costs, like the potential for very poor performance when there is DOM tree mutation. Overall, the utility of the selector justifies this risk, but we might need to do more to help developers avoid the worst problems.", + "mozPositionIssue": 528, + "org": "W3C", + "title": "CSS Relational Pseudo-Class (:has())", + "url": "https://drafts.csswg.org/selectors/#relational" + }, { "ciuName": "css-cascade-scope", "description": "@scope rule allows targeting CSS rules to subtree or fragment of a document.", From 75f051cad49acffaa40f2f47069a1346a317ca2a Mon Sep 17 00:00:00 2001 From: Kagami Sascha Rosylight Date: Mon, 13 May 2024 19:35:17 +0200 Subject: [PATCH 40/44] Add Webkit s-p link template Fixes #1011 --- ISSUE_TEMPLATE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index d4e0c8df..21175afa 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -8,7 +8,8 @@ * Proposal author(s) (`@`-mention GitHub accounts): * Caniuse.com URL (optional): * Bugzilla URL (optional): -* Mozillians who can provide input (optional): +* Mozillians who can provide input (optional): +* WebKit standards-position: ### Other information From cc6d7f2ce92b767166f04b557756dbb96e576325 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 15 May 2024 11:14:24 +1000 Subject: [PATCH 41/44] negative: Digital Credentials Closes #1003. --- activities.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/activities.json b/activities.json index 0a7c538c..6cf2a6c2 100644 --- a/activities.json +++ b/activities.json @@ -575,6 +575,19 @@ "title": "Default Accessibility Semantics for Custom Elements", "url": "https://github.com/whatwg/html/pull/4658" }, + { + "ciuName": null, + "description": "The digital credentials API is an extension to the credential management API that enables access to identity documentation that might be held in the user agent or a wallet on the same device.", + "id": "digital-credentials", + "mdnUrl": null, + "mozBugUrl": null, + "mozPosition": "negative", + "mozPositionDetail": "This interface carries a significant risk of causing privacy problems and could lead to unjustified exclusion of web users. Any solution in this area needs to do more to manage these risks before it could be considered safe to deploy.", + "mozPositionIssue": 1003, + "org": "Proposal", + "title": "Digital Credentials", + "url": "https://wicg.github.io/digital-credentials/" + }, { "ciuName": "document-policy", "description": "Document policy allows content to define a policy that constrains embedded content.", From a58844f65fcdd2e15114f95d3f76f4c31fb967de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= Date: Thu, 16 May 2024 14:28:03 +0200 Subject: [PATCH 42/44] Add an entry for intersectionobserver v2 Closes #109 --- activities.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/activities.json b/activities.json index 6cf2a6c2..a7ab3f3e 100644 --- a/activities.json +++ b/activities.json @@ -911,6 +911,18 @@ "title": "Incrementally Better Cookies", "url": "https://datatracker.ietf.org/doc/html/draft-west-cookie-incrementalism" }, + { + "ciuName": null, + "description": "IntersectionObserver extension for occlusion detection / clickjacking prevention.", + "id": "intersectionobserver-v2", + "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1896900", + "mozPosition": "positive", + "mozPositionDetail": "Security positive, interop concerns are being addressed.", + "mozPositionIssue": 109, + "org": "W3C", + "title": "IntersectionObserver V2", + "url": "https://github.com/w3c/IntersectionObserver/pull/523" + }, { "ciuName": null, "description": "Invokers allow authors to assign behaviour to buttons in a more accessible and declarative way.", From 438f99031b48b25d0802ea10b0a8a6e0b02037de Mon Sep 17 00:00:00 2001 From: Randell Jesup Date: Tue, 18 Jun 2024 11:24:59 -0400 Subject: [PATCH 43/44] Switch position on zstd to positive --- activities.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/activities.json b/activities.json index a7ab3f3e..dfdc7778 100644 --- a/activities.json +++ b/activities.json @@ -2052,9 +2052,9 @@ "description": "Zstandard, or \"zstd\" (pronounced \"zee standard\"), is a data compression mechanism. This document describes the mechanism and registers a media type and content encoding to be used when transporting zstd-compressed content via Multipurpose Internet Mail Extensions (MIME). Despite use of the word \"standard\" as part of its name, readers are advised that this document is not an Internet Standards Track specification; it is being published for informational purposes only.", "id": "zstd", "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301878", - "mozPosition": "defer", - "mozPositionDetail": "While we believe zstd is a promising technology, its use in a general-purpose web browser (given the existing slate of compression algorithms) has not been demonstrated to provide compelling new utility, and does not clearly warrant the additional maintenance cost and attack surface of adding such code. We are deferring a final position pending a more comprehensive and quantitative analysis of the benefits zstd would unlock on the web today - either dictionary-less, with static dictionaries, or with dynamic dictionaries. For either of the latter two options, we'd also need a credible plan for generating and delivering those dictionaries that aligns with our values.", - "mozPositionIssue": 105, + "mozPosition": "positive", + "mozPositionDetail": "Zstandard/Zstd has been shown to be an effective compression scheme especially for dynamic content, by reducing load on servers to deliver the same level of compression. It also enables improvements from future work on Compression Dictionaries. Chrome shipped support for Zstd in early 2024, and Firefox followed soon after. It has been judged to be worth the ongoing cost in maintenance and complexity to support for decompression, and is also useful for supporting TLS certificate decompression.", + "mozPositionIssue": 775, "org": "IETF", "title": "Zstandard Compression and the application/zstd Media Type", "url": "https://datatracker.ietf.org/doc/html/rfc8478" From 1601d51659eb583f6821092614de2699b18adfbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tantek=20=C3=87elik?= Date: Thu, 27 Jun 2024 15:37:12 -0700 Subject: [PATCH 44/44] guide Moz experts updating a position (#1046) add a paragraph to section "For Mozilla's Subject-Matter Experts" for when and how to update a position --- CONTRIBUTING.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 56bcf159..2987d5c7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -168,5 +168,9 @@ and limit the discussion in the pull request to the details of making the change to `activities.json`, and accurately communicating the consensus in the issue. +Similarly, when changes to a proposal warrant an updated position and +there is sufficient consensus in subsequent comments on the issue, +make a pull request to document that updated consensus by changing `activities.json`. + Tips: * Specification URLs should link to a living standard or editor’s draft if available.