document-policy
## Proposed directives Document-Policy directives such as `size-markup`, `size-images`, `size-styles`, and `size-scripts` can specify (in kilobytes or kibibytes?) the cumulative sizes of a type of resource; a generic `size` directive...
Next-gen image formats of the present and future include WebP, AVIF, JPEG-XL, and WebP2. With every new format, new compression ratios become possible; however, cross-browser support is inconsistent. That means...
Similar to `Content-Security-Policy`, `Document-Policy` should be settable via a meta tag in the head, such as ``` ``` This would make it easier for statically served sites (where customization of...
If a document specifies `Document-Policy: unload=?0`, the unload event will not be dispatched for that document. This is useful because the existence of an unload handler in a page will...
So, **feature** is a heavily overloaded term, and I'd at least like to not make it unnecessarily worse -- as I've been moving "features" from Feature Policy to Document Policy,...
The spec claims that there is a "registry of defined configuration points in use attached to this document", but it's not clear to me where such a registry exists. It's...
Client-Side Prototype Pollution (I will refer to it as PP) is increasing. For example, [this](https://github.com/BlackFan/client-side-prototype-pollution) shows many libraries are vulnerable to PP just by parsing `location.search`. But essentially, a PP bug can be...
I would like to be able to disable use of certain canvas APIs, to stop [canvas fingerprinting](https://en.wikipedia.org/wiki/Canvas_fingerprinting) by iframes. A common situation is to have a sandboxed iframe that contains...
Before opening https://github.com/w3c/csswg-drafts/issues/3659, I had assumed `loading-image-default-eager` applies to CSS background-images and generated content. But I don't think that's mentioned anywhere. @ehsan-karamad have you given any thought to this?
I would like to be able to declare a policy that forbids the legacy DOM mutation event listeners: https://w3c.github.io/uievents/#legacy-mutationevent-events The main reason for this is to prevent browser extensions from...