| 08:28 | <johannhof> | Huh just found out about https://tabatkins.github.io/bikeshed/#tracking-vectors, but it doesn't seem used widely? |
| 09:19 | <johannhof> | On another note, does anyone know what happened to "responsible document"? It's referenced a few times in https://w3c.github.io/webappsec-credential-management but that leads nowhere and it doesn't seem to be in the HTML spec. Is there another way to get a document from a settings object? |
| 09:23 | <johannhof> | I guess I could also use the associated document from the current global object |
| 09:59 | <annevk> | johannhof: <element tracking-vector> is relatively new, but if you spot it not being used, please do file an issue! |
| 09:59 | <annevk> | johannhof: your guess is what you want to do, see https://github.com/whatwg/html/pull/7694 |
| 10:00 | <johannhof> | annevk: Ok, cool, good to know it's relatively new, I'll keep an eye out for places to put this |
| 10:01 | <johannhof> | annevk: great, that's what I was looking for, thanks. I suppose it makes sense to update/file an issue when I see old usages? |
| 10:01 | <annevk> | johannhof: yeah, though if you scroll down in that PR you'll find Mike Taylor might have done so already |
| 10:02 | <johannhof> | Ah, it's just not merged in all places, makes sense, thanks |
| 10:03 | <johannhof> | (interestingly I did notice this on https://github.com/w3c/webappsec-permissions-policy/blob/main/integration.md which isn't indexed via webdex) |
| 11:25 | <annevk> | Domenic: so looking at https://github.com/domenic/cooperatively-sized-iframes I guess the way this could be done is that image documents in embed/object end up setting those attributes automatically (I guess there is a question as to whether we want to keep that behavior given that it leaks, but that's also somewhat separate from at least being able to explain what is going on) |
| 14:10 | <Domenic> | Domenic: so looking at https://github.com/domenic/cooperatively-sized-iframes I guess the way this could be done is that image documents in embed/object end up setting those attributes automatically (I guess there is a question as to whether we want to keep that behavior given that it leaks, but that's also somewhat separate from at least being able to explain what is going on) |
| 14:16 | <annevk> | Domenic: I think for SVG we need requestedaspectratio, but yeah, I think that ought to work |
| 16:57 | <TabAtkins> | annevk: SVG-as-<object> can run scripts, can't it? |
| 16:57 | <TabAtkins> | or is it static? |
| 17:08 | <annevk> | TabAtkins: it runs scripts |
| 17:08 | <TabAtkins> | Then it def has the looping potential |
| 17:08 | <annevk> | TabAtkins: of course, but that also goes for nested HTML so that shouldn't count I think? |
| 17:14 | <TabAtkins> | Right, just objecting to your comment about SVG avoiding the problem since it's images. |
| 17:15 | Andreu Botella | is now curious about whether SVG-as-<object> runs scripts on the same realm |
| 17:15 | <annevk> | TabAtkins: I mean I acknowledged the script thing pretty early on looking at scrollback |
| 17:16 | <TabAtkins> | Ah, I see, tho you said "I'm not sure that counts" ^_^ |
| 17:17 | <annevk> | Andreu Botella: should be the same as any other nested document... |
| 17:17 | <annevk> | TabAtkins: I still think that 🙂 |
| 17:18 | <Andreu Botella> | oh, so even with svg it behaves as a nested browsing context |
| 17:18 | <Andreu Botella> | I thought there might be some special-casing going on |