I'm currently working on implementing Opaque Response Blocking (ORB),
and one part I'm going to try out is to have <embed> and <object>
elements load images in synthetic documents, just like how <iframe>
does (
https://phabricator.services.mozilla.com/D148117). This makes
the ORB implementation simpler, since I can then handle cross origin
requests just like how we do process switching for cross origin
documents.
This is not really how spec describes image loading for <embed> and
<object>, but initially I will try to adhere to spec as much as
possible, but there's also discussions changing the spec
https://github.com/whatwg/html/issues/7939.
This is currently in review at
https://phabricator.services.mozilla.com/D148117 and I'm hoping to
land it soon. The number of tests that I've needed to change have
turned out to be fairly low
https://phabricator.services.mozilla.com/D148118, and hopefully the
visibility of this change to web pages should be minimal.
One place where there will be a known observable difference is in
DevTools, where there now will be a browsing context/document as a
child to either the <embed> or <object> element.
My intention is to have this turned on for Nightly only, with prefs in
place to quickly have it turned off. That pref is:
browser.opaqueResponseBlocking.syntheticBrowsingContext
I've also added a bonus pref that depends on the previous to turn off
the spec adhering hacks (essentially to hide browsing contexts from
`Window.frames`, named targeting etc). That pref is:
browser.opaqueResponseBlocking.syntheticBrowsingContext.filter
Since this is a bit on the experimental side, I'd be very happy if I
could have your help to keep extra eyes on any breakage that happens
due to this. I'll make sure to send a follow-up as soon as I land
this. Opinions before landing are of course also welcome!
--
farre