07:52
<annevk>
Kaiido: that's the result of partitioning: https://privacycg.github.io/storage-partitioning/
07:53
<annevk>
Kaiido: coupled with popups being an odd exception of sorts that we'll hopefully be able to address in some way
08:51
<Kaiido>
annevk: Thanks. Would you have time to compose an answer there? While I could link to https://github.com/whatwg/html/issues/5803 I don't feel confident enough to explain in which case this partitioning happens.
15:25
<annevk>
Noam Rosenthal: I'm not really sure what you're trying to say in https://github.com/WICG/scroll-to-text-fragment/issues/234#issuecomment-2200440415
15:27
<Noam Rosenthal>
annevk: I'm saying that if a site adds text fragment to a URL, it's not up to the web platform to hide it from scripts
15:27
<Noam Rosenthal>
... mainly because it's not feasible to do it in a non-leaky manner
15:28
<Noam Rosenthal>
(the navigation timing bug is not the important bit here)
15:28
<annevk>
Noam Rosenthal: how does it leak today?
15:28
<Noam Rosenthal>
annevk: copy the link to another browser?
15:28
<annevk>
Noam Rosenthal: how does that leak it to script?
15:29
<Noam Rosenthal>
the other browsers don't hide it
15:29
<Noam Rosenthal>
you have to assume all browsers implement the text fragment feature for this hiding property to work
15:31
<annevk>
I don't think Gecko not implementing (which I don't think will remain true for long) is sufficient to just remove all privacy properties
15:32
<Noam Rosenthal>
annevk: it's also that some scripts use this for good reasons like enhancing the UI
15:35
<Noam Rosenthal>
annevk: since scroll position is anyway exposed, this is kind of a weird feature where the web page knows something about where it was scrolled to and can infer things about it but has to go about it in non-straightforward ways
15:38
<annevk>
All of that was known when the feature was designed. Doesn't seem like there's enough here to revisit that.
15:40
<annevk>
Did you discuss this with Google Search? Cause I'm pretty certain they care about these properties as well.
15:41
<Noam Rosenthal>
annevk: agreed, I should get back to the internal conversation about this before proceeding the external one.
16:12
<Noam Rosenthal>
annevk: context for this for me is that fixing the navigation timing bug was assigned to me a while back and we got a lot of push back about it breaking existing stuff that relies on that behavior... so I want to make sure we're doing the right thing by hiding the fragment in the first place. If it reaches consensus I think taking that backwards-compat hit would be fine.
19:23
<ljharb>
ljharb: I think it only ends up impacting a couple of algorithms, nothing downstream
put up https://github.com/whatwg/webidl/pull/1415 and https://github.com/whatwg/html/pull/10450, pls lmk what more i need to do :-)