| 01:18 | <SimonSapin> | TabAtkins: So, I have a Rust tree wired up with HTML parsing/serialization and Selector matching, but the API is not pretty: https://github.com/SimonSapin/kuchiki/blob/master/src/tests.rs |
| 17:41 | <caitp> | the history API never actually makes requests to new urls right? |
| 17:51 | <caitp> | just not sure what the train of thought was to disable the history API in chrome platform apps |
| 17:52 | <caitp> | I'm sure the gaia/b2g stuff doesn't cripple the api _that_ badly o_o |
| 22:03 | <MikeSmith> | the history API makes no requests to new URLs |
| 22:04 | <MikeSmith> | though maybe their implementation did somehow, I dunno |
| 22:05 | <MikeSmith> | caitp: anyway I don't know of any reason in the architecture of the API itself that would motivate disabiling it in some particular runtime |
| 22:06 | <MikeSmith> | I don't know what chroms platofrm apps are but I assume they're non-Web apps? I mean that don't use the Web security model and don't run in a normal Web context |
| 23:37 | <caitp-> | MikeSmith, platform apps like "packaged apps" on mobile |
| 23:37 | <caitp-> | manifest file et all |
| 23:38 | <caitp-> | i guess they're deprecated though |
| 23:44 | <caitp-> | hm, they're still not allowed in "new" chrome apps though, apparently for security reasons. just not sure what the security reason could possibly be |
| 23:45 | <caitp-> | i'm not very creative coming up with these threat models, but it seems like a pretty cosmetic feature |
| 23:49 | <caitp-> | i mean I guess you could pretend to navigate to somesitewithsensitivedataforloggingauthdetails.com or something, but the history api doesn't let you do that so? |
| 23:49 | <caitp-> | shrug |