You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature policy can be defined for browsing context, but there is no way to define it for script context. I think it’s totally wrong, and there is an objective need to be able to run different scripts in different script contexts (with different global environments and different set of available browser features / Web APIs).
Here is an example:
I need to run two scripts on a webpage. The first script is a first-party script that will access sensetive data (or fingerprintable API’s). The second script is a third-party script that will make some network requests. I need to isolate these scripts from each other to ensure that the second script will never have access to sensetive data.
The text was updated successfully, but these errors were encountered:
Browser extensions are special, and there is currently no mechanism to allow this in HTML; if such a thing does arise, I suspect that policies will apply to those scripts, but I don't think Permissions Policy is the mechanism to enforce that isolation.
Feature policy can be defined for browsing context, but there is no way to define it for script context. I think it’s totally wrong, and there is an objective need to be able to run different scripts in different script contexts (with different global environments and different set of available browser features / Web APIs).
Here is an example:
The text was updated successfully, but these errors were encountered: