I think there is an opportunity to use this feature to enforce best practices in web development and disable deprecated/inefficient/superseded features. This could help create a sort of "strict mode for HTML", whereby developers can set an HTTP header to encourage sensible design patterns. The no-docwrite is a good example of this. Here are some other ideas (from https://discourse.wicg.io/t/proposal-sandbox-policy/1414):
force-strict-mode: treat all scripts as if they had "use strict"; at the top, eliminating "sloppy mode" from the whole document
no-sync-storage to disable local/session storage (the old synchronous APIs superseded by IndexedDB) - the Chrome Web Store already implements this
no-prefixed-features - disable all prefixes, forcing standards-compliant uses only
no-nonstandard-features - similar to no prefixes, but to turn off all features not actually in the spec, e.g. window.orientation (replaced by screen.orientation), node.innerText (only exists for compatibility reasons), etc.
Given feature policy seems to be about controlling access to features rather than changing them, I think force-strict-mode would be better replaced with require-strict-mode, which would prevent all forms of script execution that tries to run non-strict code. This would include <script> but would also include things like importScripts(), eval, new Function, new Worker and so on.
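The per-entry-point check that the require-strict-mode idea in the comment above implies, as an added sketch that is not part of the thread or of any Feature Policy implementation: it decides whether a script source opens with a "use strict" directive before it would be allowed to run. The names hasUseStrictDirective and wouldRun are hypothetical, and the sample sources are constructed.

```javascript
// Added sketch: hasUseStrictDirective and wouldRun are hypothetical names,
// not a browser API. The sample sources at the bottom are constructed.

// Skip whitespace, // comments and /* */ comments starting at index i.
function skipTrivia(src, i) {
  for (;;) {
    while (i < src.length && /\s/.test(src[i])) i++;
    if (src.startsWith("//", i)) {
      while (i < src.length && src[i] !== "\n") i++;
    } else if (src.startsWith("/*", i)) {
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else {
      return i;
    }
  }
}

// Walk the directive prologue (the leading run of string-literal statements).
// Fails closed: a literal not followed by ";" or end of input is rejected,
// so ASI-terminated directives are refused rather than guessed at.
function hasUseStrictDirective(src) {
  let i = skipTrivia(src, 0);
  while (src[i] === '"' || src[i] === "'") {
    const quote = src[i];
    let j = i + 1;
    while (j < src.length && src[j] !== quote && src[j] !== "\n") {
      if (src[j] === "\\") j++; // step over the escaped character
      j++;
    }
    if (src[j] !== quote) return false; // unterminated literal
    const raw = src.slice(i + 1, j); // raw text, so "use\x20strict" fails
    const next = skipTrivia(src, j + 1);
    if (next < src.length && src[next] !== ";") return false;
    if (raw === "use strict") return true;
    i = skipTrivia(src, next + 1); // another directive may follow
  }
  return false;
}

// Decision for one entry point (<script>, eval, new Function, importScripts,
// worker source). Module scripts are always strict, so they pass.
function wouldRun(entry) {
  return entry.type === "module" || hasUseStrictDirective(entry.source);
}

for (const s of ['"use strict"; go()', 'function f(){ "use strict"; }'])
  console.log(JSON.stringify(s), wouldRun({ type: "classic", source: s }));
```

A function-level directive does not make the enclosing script strict, which is why the second sample is refused.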