Brian, you're right on all points. you're not missing anything Big publishers can't schedule a code change for 9 months, hence leaving their ad slots woefully insecure
-
-
Replying to @acfou @BRIAN_____ and
from a while backhttps://www.admonsters.com/can-sandboxing-defeat-redirects/ …
0 replies 0 retweets 2 likes -
Replying to @BRIAN_____ @acfou and
Good bug.
@bz_moz seemed grumpy though. I still find Firefox's popup blocker best, re: user activation discernment.1 reply 0 retweets 1 like -
Replying to @BrendanEich @BRIAN_____ and
Not grumpy, just concerned about specs that basically say "do something" and in practice that means reverse-engineering what Chrome does. Especially when what Chrome does is not great...
1 reply 0 retweets 5 likes -
Replying to @really_bz @BrendanEich and
Though in the case of the user activation v2 documents, they at least aim to explicitly write down what it is Chrome does. Which is still not great (as I said on blink-dev the last time there was a discussion on it, what it does is probably not OK for full-screen for Gecko).
1 reply 0 retweets 1 like -
Replying to @really_bz @bz_moz and
Is the cause of divergence between Chrome and Firefox on user-activated easy to summarize? In old days when
@jstenback and I hacked on it, we used stack discipline (in heap of course, can’t look up stack in C++) to notice user event started control flow (vs timeout or network).2 replies 0 retweets 1 like -
Replying to @BrendanEich @BRIAN_____ and
Pure stack doesn't quite work because people want to pass user activation across setTimeout/promise/postMessage. That's true in both Firefox and Chrome. Divergence is largely in whether activations "time out". If I click and 2min later the page goes fullscreen, is that ok?
1 reply 0 retweets 1 like -
Replying to @really_bz @bz_moz and
"Back in my day" (before promises, before the Empire), we cast a colder eye on setTimeout :-|. The Causeway work may be helpful, given promises: http://erights.org/elang/tools/causeway/index.html …. Is there any chain of custody among activations? Timing out seems a good idea too, but by itself not enough.
1 reply 1 retweet 1 like -
Replying to @BrendanEich @BRIAN_____ and
I think people really want to do work async, so we do need a way to propagate activation across async things, but not indefinitely... I think Chrome's model is basically that you store a "had activation" state on the global, which can be consumed if something needs an activation
2 replies 1 retweet 2 likes
But I would need to go read carefully to see what the current state of things is.
-
-
Replying to @really_bz @bz_moz and
Check out the causeway paper too if you can. Thanks!
1 reply 0 retweets 1 like -
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.