I Want to sandbox! ... again
#5
Conversation
|
@aarongustafson, should we accept "wants" outright, or would it be appropriate to discuss if some other part of the platform could meet this need.... for example, we could evaluate if the Feature Policy API could address this use case? |
|
@marcoscaceres My feeling was that some submissions may require a bit of back & forth between the submitter and us to clarify the underlying problem. If there’s an existing path, we can inform them of that and it probably would not make sense to include that “want” in the site. If it is a well-articulated need, however, without a clear pre-existing solution, it can be added (perhaps with some editorial refinement). In the case of @Malvoz’s submission, I bow to your knowledge of Feature Policy. If it already provides the means of doing this, awesome. If not, but you think that’s the right area for managing this request, let’s propose a rewrite of the “want” that specifically scopes the sandboxing control desire within the context of Feature Policies. Does that make sense? |
This w3c/webappsec-permissions-policy#300 does discuss an opt-in negotiation, perhaps Looking at the bigger picture, even allowing/disallowing some features for FP itself is just as much guess-work as |
|
Perhaps FP reporting could go a long way, it'd still allow for content to first break and then (sandbox) features can be adjusted accordingly. Edit: actually, policy violation reports aren't available for embedded content atm. Anyhow, my Want isn't explicitly asking for a technology to achieve API/feature advertisement. It may be more reliable having code distributors to advertise required features in their documentation, and perhaps they just need guidance/motivation as it seems currently nobody's doing that. |
No description provided.