With the removal of Flash, there is no longer the need to return anything for navigator.plugins and navigator.mimeTypes. These APIs were used primarily for a) probing for Flash player support, or b) fingerprinting. As such, we'd like to return empty for these two properties. Gecko already switched to returning *only* Flash starting with Firefox 52, and returning empty as of Firefox 85.
The usage rate for these two APIs is quite significant: https://chromestatus.com/metrics/feature/timeline/popularity/2662 https://chromestatus.com/metrics/feature/timeline/popularity/2660 Having said that, the perceived risk is much lower than those numbers might indicate. One of the main uses for these two APIs is fingerprinting. Another *was* probing for Flash player support and version number, though since 2016 Blink has only advertised the flash plugin with explicit user opt-in. And now that Flash is completely removed, these use cases should correctly detect no flash support. An additional use case may be attempting to detect PDF support, but given Mozilla's success with not reporting PDF support since Firefox 52, this is likely ok. In essence, returning empty seems to be the correct thing to do. For reference, as of Chrome 89, these are the returned values: navigator.plugins: Chrome PDF Plugin Chrome PDF Viewer Native Client navigator.mimetypes: application/pdf application/x-google-chrome-pdf application/x-nacl application/x-pnacl
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM%3DNeDi4VD6ZnsB5ghk-arG8tsycX2-rOe7dZ_q0dQGYkdThcg%40mail.gmail.com.
Contact emails
mason...@chromium.orgExplainer
https://github.com/whatwg/html/issues/6003Specification
NoneSummary
With the removal of Flash, there is no longer the need to return anything for navigator.plugins and navigator.mimeTypes. These APIs were used primarily for a) probing for Flash player support, or b) fingerprinting. As such, we'd like to return empty for these two properties. Gecko already switched to returning *only* Flash starting with Firefox 52, and returning empty as of Firefox 85.
Blink component
BlinkSearch tags
navigator, pluginsTAG review
Not an API change, so no TAG review here.TAG review status
Not applicableRisks
Interoperability and Compatibility
The usage rate for these two APIs is quite significant: https://chromestatus.com/metrics/feature/timeline/popularity/2662 https://chromestatus.com/metrics/feature/timeline/popularity/2660
Having said that, the perceived risk is much lower than those numbers might indicate. One of the main uses for these two APIs is fingerprinting. Another *was* probing for Flash player support and version number, though since 2016 Blink has only advertised the flash plugin with explicit user opt-in. And now that Flash is completely removed, these use cases should correctly detect no flash support.
An additional use case may be attempting to detect PDF support, but given Mozilla's success with not reporting PDF support since Firefox 52, this is likely ok. In essence, returning empty seems to be the correct thing to do. For reference, as of Chrome 89, these are the returned values: navigator.plugins: Chrome PDF Plugin Chrome PDF Viewer Native Client navigator.mimetypes: application/pdf application/x-google-chrome-pdf application/x-nacl application/x-pnacl
Gecko: Shipped/Shipping (https://crbug.com/1164635) This is a request from Mozilla to follow suit.
Edge: No signal
WebKit: No signal
Web developers: No signalsIs this feature fully tested by web-platform-tests?
NoTracking bug
https://crbug.com/1164635Sample links
https://output.jsbin.com/nebarucLink to entry on the Chrome Platform Status
https://chromestatus.com/feature/5741884322349056This intent message was generated by Chrome Platform Status.
--
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEjHbk9cEdQ83SZFfKWtazrnTRwyxkUMSNTbOoQKPoDSFA%40mail.gmail.com.
I'd be ready to believe that even if 60% of page loads end up accessing these properties, very few actually care about the content of the lists. The problem is that "very few" of 60% might still be a substantial number. I don't think so, but I also don't know how to be absolutely certain. A gradual approach might be suitable.
If we can remove the content of the lists in a way that allows the change to be reverted quickly (and hopefully temporarily), I'd be willing to approve that with no further data based on Firefox and Safari's success. And just to not forget about it... enterprise?
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYetEMSD9vJ5gtojWxCS47ps5QEOoMXfNCuy0ntxSfgxcg%40mail.gmail.com.
On Mon, Jan 18, 2021 at 3:16 PM Yoav Weiss <yo...@yoav.ws> wrote:
Oh my, that's significant indeed!
Can we gradually roll out that change, so that we can catch unexpected breakage here early?
Can you ask the webkit folks if they'd follow?
I'd be ready to believe that even if 60% of page loads end up accessing these properties, very few actually care about the content of the lists. The problem is that "very few" of 60% might still be a substantial number. I don't think so, but I also don't know how to be absolutely certain. A gradual approach might be suitable.
If we can remove the content of the lists in a way that allows the change to be reverted quickly (and hopefully temporarily), I'd be willing to approve that with no further data based on Firefox and Safari's success. And just to not forget about it... enterprise?
/Daniel
On 2021-01-18 20:07, Philip Jägenstedt wrote:
I just commented on the HTML issue about the behavior in Safari iOS. I think we can take the fact that they've already been shipping this behavior for years as a strong signal, and furthermore we should probably try to not expose the Plugin and MimeType interfaces to match their behavior. This has a minor extra benefit that it could be used (by very savvy developers) to distinguish between no plugins because none are installed, and plugin support being removed from the browser.
For Edge, this sounds like a good change to help mitigate fingerprinting and reduce confusion.Edge currently returns the same information as Chrome does (modulo our PDF viewer is named "Microsoft Edge PDF Viewer").These APIs /might've/ been useful for detecting whether Native Client was supported on a given browser, except that Edge never bothered to remove the item from the array despite not supporting Native Client. But it looks like NativeClient doesn't really work on the open web in Chrome anymore either (crbug.com/918374).
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACj%3DBEjOgfxsotpc7As9FwUWfVYkhWPU2MBkiQ64%3DJbm8xo%2B8g%40mail.gmail.com.
As you likely noticed on the HTML issue, our friends at Apple had some feedback on their experience which points to continuing to list the PDF type as being useful for compatibility: https://github.com/whatwg/html/issues/6003#issuecomment-764119990. Can I assume that as that issue coalesces into a PR that y'all agree upon, you'll take that into account? :)
-mike
Thanks everyone!
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
-mike
Thanks everyone!
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM%3DNeDjyi-C8ERR9_kuOoEYU2WRQAUTPvq0_9szKS0XSOb729g%40mail.gmail.com.
LGTM2 on the modified plan.
/Daniel