WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Security
Because the worklet's context origin will be that of the origin of the script URL, both "Shared-Storage-Cross-Origin-Worklet-Allowed: ?1" and CORS are required when fetching a x-origin worklet script. Even so, it is important that worklet script creators understand the implications of this. Their worklet, which accesses their origin's Shared Storage data, can be loaded and executed by a different party.
Privacy
In the case of creating or using a cross-origin worklet, if the worklet cannot be created because the user has denied storage for that site, then the promise will resolve (rather than reject) to prevent leaking cross-site data. A caller may still use timing attacks to know this information, but this is a minor privacy issue, as in reality very few users would set such preferences, and doing a wide search would incur a significant performance cost spinning up the worklets.Debuggability
- Shared Storage database contents for an origin can be viewed and modified within DevTools.
- Shared Storage worklet can be inspected within DevTools.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
All but WebView
Is this feature fully tested by web-platform-tests?
Yes
Finch feature name
SharedStorageAPIM125
Requires code in //chrome?
No
Estimated milestones
We intend to ship in M125.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5145686840705024
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org.
On 4/19/24 12:52 PM, Yao Xiao wrote:
Contact emails
Would it be possible to write a paragraph on this specific
change, i.e., what are the use cases this change addresses, and
how does this help developers, etc.? Here in the thread is fine.
On 4/19/24 12:52 PM, Yao Xiao wrote:
Contact emails
Would it be possible to write a paragraph on this specific change, i.e., what are the use cases this change addresses, and how does this help developers, etc.? Here in the thread is fine.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bf885085-5e5c-44f2-ae6f-9ae7daf3bc22%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaMXzzSYrpKr_GOgVgeQW3Qf3mdMkE8ZdQSTZutqcu7APg%40mail.gmail.com.
Contact emailscam...@chromium.org
jka...@chromium.org
yao...@chromium.org
rohit...@google.com
asha...@google.com
Explainer
https://github.com/WICG/shared-storageSpecification
https://wicg.github.io/shared-storage/
Additional anticipated specification changes
https://github.com/WICG/shared-storage/pull/152
Blink component
Blink>Storage>SharedStorage
Summary:
We plan to ship the following changes to the Shared Storage API:
- selectURL() and run() will be exposed on the SharedStorageWorklet interface. When calling on the default scoped worklet (i.e. sharedStorage.worklet.selectURL()/run()), the behavior is equivalent to calling sharedStorage.selectURL()/run().
- Users can create new worklets via const worklet = await sharedStorage.createWorklet(url, options). This API can be used to start multiple and potentially cross-origin worklets from a single document.
--
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Hey Josh,I agree that it might not be helpful to ping Gecko and WebKit on this, but it would still be helpful to update the TAG on how this design is evolving.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/41ee180b-5822-40fe-ac15-1bb1c9715e05n%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2O7c2%2B%2B12PtuAS%2BSfHx0%2B8X6SuA7mr6saW%3DRVhewXkUHw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af749e5f-d3fb-4901-9427-f49efe95410cn%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAANMuaPuu4frRrmLq01eAsTAb2fMnQ_rZ3OJoz9dWd%3DVfQQBhA%40mail.gmail.com.
Hi Yao,
I see that https://github.com/WICG/shared-storage/pull/152 is still open, can that be landed before we ship this?
Also, can you point to the tests for this change?
LGTM2.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALYudgV0qYjc9goCzdeSBjQpy0rLTZ2rem_KCWGNBs7MzMH5pQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/fb5552ba-6381-40b0-ad43-76262ae199dd%40chromium.org.