Anne van Kesteren
Anne van Kesteren
We should make sure the correct thing is done here, to avoid confused deputy attacks. (This came up during TPAC 2023 and nobody present was immediately clear on whether this...
It might well make sense that this is layered on top of the HTTP cache as @pmeenan suggests, but not all implementations have a tripled-keyed HTTP cache at this point....
It seems that the proposal allows any subresource to essentially claim dictionary authority for `/`. * Am I misunderstanding or is that correct? * If so, can that be abused...
The connection separation we have today is the result of TLS client auth which is a property of the connection, rather than the request. The argument has been made that...
This regressed in f3e23c7e2af98c90b26514199b5ad1e7358c95c2. See https://github.com/mdn/content/issues/34537#issuecomment-2200194939 for context. *** /acknowledgements.html ( diff ) /tables.html ( diff )
I tried to find the rationale in #443 why we picked request URLs in the module map (and not tried to wait for the response to come or some such)...
Based on code inspection it seems that Chrome (not shipped) and Safari perform browsing context name resetting based on whether the top-level browsing context has an opener, not on whether...
It would be nice to know when biblio/anchors/link-defaults entries have been obsoleted by upstream changes so they can be cleaned up. You can kinda test this by removing them and...
In particular as defined today step 3 > Let defaultEventInitDict be the result of converting the JavaScript value undefined to the dictionary type accepted by eventInterface’s constructor. (This dictionary type...
Now that some changes have been made as per #2826, it would great to have the HTML side of WebGPU reviewed again. Also, for resizing, instead of > Follow the...