| 07:08 | <annevk> | Luca Casonato: did you see https://github.com/heycam/webidl/pull/526? I'm somewhat curious what Deno/Node.js make out of ShadowRealms and the additional "non"-JS globals to be exposed therein |
| 07:40 | <Luca Casonato> | Going to be a pain to implement I imagine (still not 100% clear on the scope of globals available in ShadowRealms). Generally seems fine though |
| 07:40 | <Ms2ger 💉💉> | Nobody's clear on the scope right now :) |
| 07:40 | <Luca Casonato> | Ah good, not just me then 😅 |
| 08:09 | <annevk> | sideshowbarker: happy b-day 🎂 \o/ |
| 08:12 | <sideshowbarker> | sideshowbarker: happy b-day 🎂 \o/ |
| 08:13 | <Ms2ger 💉💉> | 🎉 |
| 08:15 | <Luca Casonato> | Happy birthday! |
| 11:50 | <Jake Archibald> | Yay happy birthday sideshowbarker! |
| 11:52 | <Jake Archibald> | annevk: Why do we disallow isolated pages from postMessageing non-isolated pages? I don't see the security issue, since the same stuff can be laundered through storage |
| 11:57 | <annevk> | Jake Archibald: it's not disallowed per se, but you cannot get hold of a WindowProxy across that boundary |
| 11:59 | <Jake Archibald> | annevk: Ahh, so it's just a side-effect of disconnecting the proxy? So Sorry, I'm trying to figure out how the reporting side of this works and I'm finding the spec quite dense 😄 |
| 12:01 | <annevk> | Jake Archibald: closing the browsing context, yes; BC ought to work, like storage it only uses origins; postMessage with service/shared workers would work too (although you cannot always get SAB across of course) |
| 12:01 | <Ms2ger 💉💉> | BC is a dangerous acronym in this context |
| 12:02 | <Jake Archibald> | hah |
| 12:02 | <Jake Archibald> | cross-BC BC |
| 12:05 | <annevk> | I don't understand how Chrome shipped EyeDropper and nobody seemingly looked at the open issues with the spec. And it seems the TAG mainly focused on API shape and not security... |
| 12:09 | <annevk> | Ah, I guess some of those issues were opened after it was already approved... |
| 16:43 | <Jake Archibald> | annevk I'm struggling to figure out step 2 of https://html.spec.whatwg.org/multipage/origin.html#check-browsing-context-group-switch-coop-value. What is it allowing? An isolated page to create a popup to a non-isolated page? |
| 16:51 | <annevk> | Jake Archibald: that's more about COOP and not COOP+COEP |
| 16:52 | <annevk> | Jake Archibald: if you have COOP but allow popups, this ensures no replacement happens for the popup, unless the popup itself has a COOP |
| 16:52 | <Jake Archibald> | Taaaa |
| 16:53 | <Jake Archibald> | annevk really appreciate all the help with this |