| 01:01 | <nbenner> | I hope I'm not bringing up old headaches for anyone. I know that navigator.registerContentHandler() has been removed from the spec for some time due to lack of implementation/interest. The github discussion about removing them from the standard ends rather abruptly and I couldn't find any open discussion about whether a newer or perhaps better method (as part of fetch as suggested by jscinoz) was in the works? If this is not the |
| 01:01 | <nbenner> | right place to ask this I apologize. |
| 01:15 | <nbenner> | also @ondras do this solve your problem? https://developer.mozilla.org/en-US/docs/Web/API/Document/scripts it says it lists all the ones from <script> tags. I'm not sure if it includes ones added through module dynamic import or not |
| 02:35 | <alystair> | https://github.com/whatwg/html/issues/5625 my first issue! :D |
| 02:47 | <MikeSmith> | Is sandbox intended to be used on top-level browsing context? What would be the use case? |
| 02:49 | <MikeSmith> | The OP of https://stackoverflow.com/questions/62289103/identical-urls-yet-still-get-cross-origin-request-blocked-the-same-origin-polic has it set, via a CSP header, on the document at https://egbert.net/ |
| 02:52 | <MikeSmith> | ... and I’m wondering if they have it set for some specific reason or whether they’re instead using it due to maybe a bit of over-zealousness in attempting to specify a sort of “maximum security” CSP policy (without really understanding the consequences) |
| 04:40 | <annevk> | nbenner: there's some kind of proposal for file handlers somewhere, iirc |
| 05:44 | <ondras> | nbenner: thanks, will have a look! |
| 05:45 | <ondras> | nbenner: but this list may contain also scripts that are being loaded, right? |
| 05:45 | <ondras> | nbenner: I am looking for a way to detect whether a given particular <script> is fully loaded |
| 17:19 | <Domenic> | MikeSmith: I think there are valuable protections sandboxing can give even to top-level BCs, but I'm not aware of the concrete use cases... |
| 19:57 | <annevk> | MikeSmith: Domenic: you could use it for content you trust less, though generally I guess you should host that on another domain |
| 23:48 | <andreubotella> | so, I was checking the spec on <input type=file>, and saw that it says that file names must not contain path components, which are parts of a filename separated by '\\' |
| 23:48 | <andreubotella> | I understand the windows bias, but shouldn't that be '\\' or '/', for completeness? |