Publish minutes of 2025-02-13 meeting

Rob--W · Rob--W · commit 31a888e3c5fc · 2025-02-14T17:54:47.000+01:00
diff --git a/_minutes/2025-02-13-wecg.md b/_minutes/2025-02-13-wecg.md
@@ -0,0 +1,139 @@
+# WECG Meetings 2025, Public Notes, Feb 13
+
+ * Chair: Simeon Vincent
+ * Scribes: Rob Wu
+
+Time: 8 AM PST = https://everytimezone.com/?t=67ad3600,384
+Call-in details: [WebExtensions CG, 13th February 2025](https://www.w3.org/events/meetings/0090c842-271b-4194-b93e-9d401d07af5e/20250213T080000/)
+Zoom issues? Ping @zombie (Tomislav Jovanovic) in [chat](https://github.com/w3c/webextensions/blob/main/CONTRIBUTING.md#joining-chat)
+
+
+## Agenda: [discussion in #754](https://github.com/w3c/webextensions/issues/754), [github issues](https://github.com/w3c/webextensions/issues)
+
+The meeting will start at 3 minutes after the hour.
+
+See [issue 531](https://github.com/w3c/webextensions/issues/531) for an explanation of this agenda format.
+
+ * **Announcements** (2 minutes)
+   * Announcement: WECG meetup in Berlin, March 2025 ([Issue 759](https://github.com/w3c/webextensions/issues/759), [wiki page](https://github.com/w3c/webextensions/wiki/2025-Berlin-F2F-Coordination))
+ * **Triage** (15 minutes)
+   * [Issue 755](https://github.com/w3c/webextensions/issues/755): Proposal: about: matching
+   * [Issue 756](https://github.com/w3c/webextensions/issues/756): Proposal: Exclude Matching
+   * [Issue 762](https://github.com/w3c/webextensions/issues/762): DNR: Add excludedTopFrameDomains (and topFrameDomains)
+   * [Issue 763](https://github.com/w3c/webextensions/issues/763): Proposal: Add excludeTopFrameMatches and excludeTopFrameGlobs
+ * **Timely issues** (10 minutes)
+   * [PR 760](https://github.com/w3c/webextensions/pull/760): Specification for loading extensions in WebDriver Classic
+   * [issue 764](https://github.com/w3c/webextensions/issues/764): WebDriver: install command optional parameters
+ * **Check-in on existing issues** (20 minutes)
+   * [Issue 746](https://github.com/w3c/webextensions/issues/746): Proposal: Persistent Authentication
+
+
+## Attendees (sign yourself in)
+
+ 1. Rob Wu (Mozilla)
+ 2. Oliver Dunk (Google)
+ 3. Giorgio Maone (NoScript, Tor)
+ 4. Steven McLintock (1Password)
+ 5. Krzysztof Modras (Ghostery)
+ 6. Lena Cohen (Privacy Badger, EFF)
+ 7. Tomislav Jovanovic (Mozilla)
+ 8. Maxim Topciu (AdGuard)
+ 9. David Johnson (Apple)
+ 10. Kiara Rose (Apple)
+ 11. Mukul Purohit (Microsoft)
+ 12. Timothy Hatcher (Apple)
+ 13. Casey Garland (Capital One)
+
+
+## Meeting notes
+
+Announcement: WECG meetup in Berlin, March 2025 ([Issue 759](https://github.com/w3c/webextensions/issues/759), [wiki page](https://github.com/w3c/webextensions/wiki/2025-Berlin-F2F-Coordination))
+
+ * [tomislav] The in-person WECG meetup will take place from Tuesday 25 March until Friday 28 March, in the Mozilla office in Berlin. We expect about 10 - 20 attendees. If interested, sign yourself up in the issue.
+
+[Issue 755](https://github.com/w3c/webextensions/issues/755): Proposal: about: matching
+
+ * [timothy] about:-matching would be OK by me.
+ * [rob] about: in content scripts is already covered by `match_origin_as_fallback`; API-dependent solutions may work better. E.g. for context menus.
+ * [krzysztof] Do extensions have access to about:newtab at the moment?
+ * [rob] No.
+ * [krzysztof] Seems to have potential for privilege violation.
+ * [timothy] If anything, I would at most be supportive of about:blank and about:srcdoc.
+ * [oliver] Similarly. We don't even have about:newtab.
+ * [oliver] The contextMenus API use case specifically could be solved by a combination of `documentUrlPatterns` (to include the HTTP and HTTPS protocols, while excluding file:) and the addition of a `match_origin_as_fallback` like key that would also allow matching blank frames.
+ * [timothy]
+ * [rob] Not sure if we would want to support “about:blank” in match patterns, the capability to match about blank otherwise in context menus sounds reasonable.
+ * [oliver] I wonder whether support for something like `match_origin_as_fallback` would be sufficient.
+
+[Issue 756](https://github.com/w3c/webextensions/issues/756): Proposal: Exclude Matching
+
+ * [oliver] This is a generic feature request.
+ * [rob] Firefox supports menus.onShown, menus.onHidden and menus.refresh() which allows extensions to hide/show/update menus at runtime.
+ * [timothy] We don't support that in Safari.
+ * [rob] Would you consider it, or does it not fit in your model?
+ * [timothy] We may consider it, but it is not a high priority.
+ * [timothy] The issue suggests negating a match by prepending `!`.
+ * [tomislav] Clarify use cases with reporter.
+
+[Issue 762](https://github.com/w3c/webextensions/issues/762): DNR: Add excludedTopFrameDomains (and topFrameDomains)
+
+ * [alexei] Determining whether something is third-party, in DNR, all comparisons are against the immediate parent. This is not what developers want. We want to add a filter to DNR rules to include or exclude by the top level document. E.g. `facebook.com` loads Zinga which loads more facebook domains. It is currently not possible to block facebook except on `facebook.com` domains.
+ * [krzysztof] We share the use case, mainly to allow user control. Users see the top-level URL, and not the frame URL.
+ * [giorgio] +1
+ * [rob] allowAllRequests was designed for this. It is not ideal, but have you looked into it?
+ * [oliver] allowAllRequests would ignore all rules, but in this case the goal is to only ignore requests that are first party with the top level frame. Chrome is supportive of this request.
+ * [krzysztof] This is more important for general extensions beyond ad blockers.
+ * [giorgio] In NoScript, contextual policies need this capability, to implement something based on the top domain.
+ * [rob] Supportive from Firefox's side.
+ * [rob] What if the top URL is about:blank, e.g. a popup opened by `example.com`?
+ * [giorgio] In my use case, it would be the real domain.
+ * [alexei] I don't know from the top off my head; I'd look at MV2, what happens in webRequest?
+ * [krzysztof] Please ask again in the issue, then I can come back to this later.
+ * [timothy] We'd be supportive on the Safari side.
+
+[Issue 763](https://github.com/w3c/webextensions/issues/763): Proposal: Add excludeTopFrameMatches and excludeTopFrameGlobs
+
+ * [tomislav] The use case is mainly about a mismatch between how we treat match patterns and user expectations. When a user disables an extension on Reddit, they expect to disable scripts in Reddit and all of its subframes, not just on Reddit. Alternatives exist (location.ancestorOrigins).
+ * [alexei] This is another issue from the class of issues where DNR/MV3 APIs compare against the immediate parent frame, not the top-level document frame. Extensions generally want to compare against the top-level document, or at least should have the choice.
+ * [rob] Are there signs of extensions desiring this capability? E.g. if extensions use location.ancestorOrigins.
+ * [oliver] Is there a need to match by full URLs or should we match by origin?
+ * [krzysztof]
+ * [tomislav] Most flexible matching mechanism is by top URL and individual frames. Is this the requested feature, or part of a more generic desired feature set?
+ * [rob] Matching by origins is feasible to implement, full URLs are not guaranteed to be available across origins, in a cross-domain frame.
+ * [giorgio] Matching by domain would be a great start.
+ * [krzysztof] Matching by globs is sometimes needed, e.g. to support matching by `google.*` instead of listing all domains separately.
+ * [rob] I'm not opposed to this capability, but would like to see existing demand for this feature before considering its implementation.
+ * [alexei] Wouldn't it be much nicer for developers to declaratively specify the top-level domains they want to include/exclude, than having to make custom checks in content scripts just because the scripting API doesn't support matching against top-level domains?
+ * [giorgio] Contextual policies in NoScript uses origins.
+ * [rob] Chrome already supports location.ancestorOrigins, Firefox is working on it.
+ * [alexei] When a user “disables” an extension on a site through the browser, it does not only disable it in the top frame, but also iframes in different sites.
+ * [timothy] I see this being useful for content scripts. This is the inverse, all subframes, not the main frame.
+ * [rob] `window === top`, `location.ancestorOrigins` and others can be used in content scripts to do the matching and exit early if needed. If extensions can already achieve a goal with existing APIs, there is no strong case for introducing a new API to something similar, unless there are strong benefits to doing so.
+ * [krzysztof] In MV3 scripts are declarative/static and cannot be configured.
+ * [timothy] And that is where globalParams would be useful.
+ * [giorgio] Yes, please!
+
+[PR 760](https://github.com/w3c/webextensions/pull/760): Specification for loading extensions in WebDriver Classic
+
+ * [kiara] PR to describe the webdriver classic protocol to enable loading extensions in Safari. Based on webdriver-bidi protocol.
+ * [tomislav] I had some feedback, which applies equally to the webdriver-bidi protocol. In the interest of avoiding duplication of discussion, I'll delete my comments and approve.
+ * [oliver] I added approval, you can consider this to be approval from Chrome's side.
+
+[issue 764](https://github.com/w3c/webextensions/issues/764): WebDriver: install command optional parameters
+
+ * [krzysztof] How should browser-specific features be passed to installation? There are universal cases such as private browsing access; others are more fragmented.
+ * [kiara] We discussed this on our side in testing; currently default to granting all permissions by default, but would be nice to have the ability to toggle that behavior.
+ * [oliver] This is a good discussion, thanks for opening.
+ * [krzysztof] Should the ability to grant permissions be part of install or a subsequent command?
+ * [kiara] In testing, by default would be to grant them; for specific tests it would make sense to allow the opposite.
+ * [tomislav] Would be nice to have the ability to grant some permissions at install time.
+ * [kiara] I agree, on install would be preferred.
+ * [krzysztof] Things like the geolocation permission are examples of what exists.
+ * [rob] If you identify common patterns in the webdriver-bidi spec that can be re-used here, that would be really nice.
+ * [tomislav] To avoid scattering the discussion, let's discuss what we want in our group, in the issue, and then reach out to the webdriver bidi.
+
+[Issue 746](https://github.com/w3c/webextensions/issues/746): Proposal: Persistent Authentication
+
+ * [rob] This was discussed before; since we are out of time, let's process this issue async.
+
+The next meeting will be on [Thursday, February 27th, 8 AM PST (4 PM UTC)](https://everytimezone.com/?t=67bfab00,384).
diff --git a/_minutes/README.md b/_minutes/README.md
@@ -10,23 +10,24 @@ After the end of each meeting, meeting notes are published here.
 
 ## Upcoming meetings
 
-- 2025-02-13 at 8 AM PST = https://everytimezone.com/?t=67ad3600,384
 - 2025-02-27 at 8 AM PST = https://everytimezone.com/?t=67bfab00,384
+- 2025-03-13 at 8 AM PST = https://everytimezone.com/?t=67d22000,384
 
 ## Past meetings
 
+* 2025-02-13 ([minutes](2025-02-13-wecg.md))
 * 2025-01-30 ([minutes](2025-01-30-wecg.md))
 * 2025-01-16 ([minutes](2025-01-16-wecg.md))
 * 2024-12-19 ([minutes](2024-12-19-wecg.md))
 * 2024-12-05 ([minutes](2024-12-05-wecg.md))
 * 2024-11-21 ([minutes](2024-11-21-wecg.md))
-* 2024-11-07 ([minutes](2024-11-07-wecg.md))
 
 <details>
 <summary><strong>All past meeting notes</strong></summary>
 
 **2025**
 
+* 2025-02-13 ([minutes](2025-02-13-wecg.md))
 * 2025-01-30 ([minutes](2025-01-30-wecg.md))
 * 2025-01-16 ([minutes](2025-01-16-wecg.md))
 
