search

WICG / fenced-frame

Proposal for a strong boundary between a page and its embedded content
https://wicg.github.io/fenced-frame/
Other
124 stars 31 forks source link

Proposal for changes to fenced frames urns/attributes #48

Closed gtanzer closed 1 year ago

gtanzer commented 2 years ago

Previously, we talked about urn:uuids mapping to URLs. But this is a bit imprecise, because there was actually other metadata associated with those URLs, like reporting metadata for FLEDGE reportEvent(), budget metadata for sharedStorage, etc.

This proposal makes this explicit, saying that urn:uuids map to a set of attributes, one of which is the src attribute. And we can add additional attributes like width and height that allow consumer APIs to have more control over and flexibility with information flow for their particular use case. See this document for the full proposal.

Here is an existing issue about how the proposal affects FLEDGE: https://github.com/WICG/turtledove/issues/312

We welcome feedback. 🙂

gtanzer commented 2 years ago

As a follow-up to the above proposal:

Previously, we conceptualized opaque identifiers as a means to map only a src. Therefore, it made sense to set them with the src attribute, and have them be strings (urn:uuids).

Given that these opaque identifiers have become and are continuing to become more expansive (describing more about the resulting fenced frame’s characteristics than just the resource URL), we don’t think it makes as much sense anymore to set them using the src attribute. Therefore, we are considering setting these opaque identifiers— which represent a “configuration”, “intent”, “set of properties”, or some other name subject to bikeshedding—using a new member of HTMLFencedFrameElement which is a WebIDL object. Because this new property need not be a string, we are also considering making the opaque identifier the WebIDL object’s reference (where some of the fields are opaque, as privacy requires for each use case).

For some examples of how this might look in practice:

// FLEDGE.
let frame = document.querySelector('fencedframe');
let config = await navigator.runAdAuction({ width: 100, height: 200, … });
frame.width = config.contentWidth;
frame.height = config.contentHeight;
frame.config = config;

// sharedStorage
let frame = document.querySelector('fencedframe');
let intent = await sharedStorage.selectURL({ width: 100, height: 200 },
[
  {url: '/url1', ...},
  {url: '/url2', ...}
]);
frame.width = config.contentWidth;
frame.height = config.contentHeight;
frame.config = config;

// Direct use (mostly for testing).
let frame = document.querySelector('fencedframe');
frame.config = new FencedFrameConfig({ url: 'https://www.example.com/' });

There would be a bit of complexity in migrating to this new approach for ongoing origin trials; it is likely that both urn:uuids and the new opaque identifier object would have to be supported simultaneously for some period of time.

shivanigithub commented 1 year ago

Closing since FencedFrameConfig is now part of the explainer.