activities.json

[
  {
    "ciuName": null,
    "description": "Adds imagesrcset and imagesizes attributes to <link> which correspond to the srcset and sizes attributes of <img> respectively, for the purposes of preloading.",
    "id": "image-preload",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515760",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A relevant aspect of <link rel=preload> support.",
    "mozPositionIssue": 130,
    "org": "WHATWG",
    "title": "<link>'s imagesrcset and imagesizes attributes",
    "url": "https://html.spec.whatwg.org/multipage/semantics.html#attr-link-imagesrcset"
  },
  {
    "ciuName": null,
    "description": "This specification defines a well-known URL that sites can use to make their change password forms discoverable by tools. This simple affordance provides a way for software to help the user find the way to change their password.",
    "id": "change-password-url",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 372,
    "org": "Proposal",
    "title": "A Well-Known URL for Changing Passwords",
    "url": "https://wicg.github.io/change-password-url/"
  },
  {
    "ciuName": null,
    "description": "",
    "id": "aria-annotations",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1608975",
    "mozPosition": "important",
    "mozPositionDetail": "This contains changes needed to support screen reader accessibility of comments, suggestions, and other annotations in published documents and online word processing applications.",
    "mozPositionIssue": 253,
    "org": "W3C",
    "title": "ARIA Annotations",
    "url": "https://github.com/aleventhal/aria-annotations"
  },
  {
    "ciuName": null,
    "description": "This document describes an API providing access to accelerated shape detectors (e.g. human faces) for still images and/or live image feeds.",
    "id": "shape-detection-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553738",
    "mozPosition": "defer",
    "mozPositionDetail": "We're concerned about possible complexity, variations in support between operating systems, and possible fingerprinting surface, but we'd like to wait and see how this proposal evolves.",
    "mozPositionIssue": 21,
    "org": "Proposal",
    "title": "Accelerated Shape Detection in Images",
    "url": "https://wicg.github.io/shape-detection-api"
  },
  {
    "ciuName": null,
    "description": "This memo introduces an informational HTTP status code that can be used to convey hints that help a client make preparations for processing the final response.",
    "id": "http-early-hints",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1407355",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We believe that experimentation with the 103 response code is worthwhile, while at the same time noting that its primary benefit comes from using it with rel=preload, which Firefox does not yet implement. We do have some concerns about the lack of clear interaction with Fetch, which we hope will be specified before the mechanism is put into widespread use.",
    "mozPositionIssue": 134,
    "org": "IETF",
    "title": "An HTTP Status Code for Indicating Hints (103)",
    "url": "https://tools.ietf.org/html/rfc8297"
  },
  {
    "ciuName": null,
    "description": "A proposal for an 'asynchronous atomic wait' for ECMAScript, primarily for use in agents that are not allowed to block.",
    "id": "atomics-wait-async",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1467846",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Represents a meaningful way for the main thread to interact with blocking concurrent patterns in workers and other off-thread work.",
    "mozPositionIssue": 433,
    "org": "Ecma",
    "title": "Atomics.waitAsync",
    "url": "https://tc39.es/proposal-atomics-wait-async/"
  },
  {
    "ciuName": null,
    "description": "This API will help by improving the audio-mixing of websites with native apps, so they can play on top of each other, or play exclusively.",
    "id": "audio-focus",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1579791",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This proposes a straightforward API for improving mixing of audio produced by website.",
    "mozPositionIssue": 203,
    "org": "Proposal",
    "title": "Audio Focus API",
    "url": "https://wicg.github.io/audio-focus/explainer"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API allowing web applications to set an application-wide badge, shown in an operating-system-specific place associated with the application (such as the shelf or home screen), for the purpose of notifying the user when the state of the application has changed (e.g., when new messages have arrived), without showing a more heavyweight notification.",
    "id": "badging",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 108,
    "org": "Proposal",
    "title": "Badging API",
    "url": "https://wicg.github.io/badging/"
  },
  {
    "ciuName": "bigint",
    "description": "This proposal adds arbitrary-precision integers to ECMAScript.",
    "id": "bigint",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366287",
    "mozPosition": "non-harmful",
    "mozPositionDetail": "Shipping in Firefox.",
    "mozPositionIssue": 65,
    "org": "Ecma",
    "title": "BigInt",
    "url": "https://tc39.github.io/proposal-bigint/"
  },
  {
    "ciuName": null,
    "description": "Bundled exchanges provide a way to bundle up groups of HTTP request+response pairs to transmit or store them together. They can include multiple top-level resources with one identified as the default by a manifest, provide random access to their component exchanges, and efficiently store 8-bit resources.",
    "id": "bundled-exchanges",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "The mechanism as currently sketched out seems to provide potentially useful functionality for a number of use cases. This is a complex mechanism, and substantial detail still needs to be filled in. We believe the general intent of the feature is well-enough defined to designate as \"non-harmful\" at this time (rather than \"defer\"), although we anticipate potentially revisiting this decision as the mechanism is refined.",
    "mozPositionIssue": 264,
    "org": "Proposal",
    "title": "Bundled HTTP Exchanges",
    "url": "https://tools.ietf.org/html/draft-yasskin-wpack-bundled-exchanges"
  },
  {
    "ciuName": "streams",
    "description": "Byte streams are a specialization of <a href=\"#streams\">Streams</a> that are designed to deal with raw bytes.",
    "id": "byte-streams",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Streams_API#ByteStream-related_interfaces",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Byte streams are a useful specialization of streams that is well suited to performant I/O and they are well integrated with Typed Arrays.",
    "mozPositionIssue": 457,
    "org": "WHATWG",
    "title": "Byte Streams",
    "url": "https://streams.spec.whatwg.org/"
  },
  {
    "ciuName": "css-subgrid",
    "description": "This draft defines additions to CSS Grid, primarily for the subgrid feature.",
    "id": "subgrid",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349043",
    "mozPosition": "important",
    "mozPositionDetail": "Subgrid adds a critical enhancement to CSS Grid, in particular for many CSS Grid use-cases that require alignment across nested semantic elements.",
    "mozPositionIssue": 125,
    "org": "W3C",
    "title": "CSS Grid Layout Module Level 2",
    "url": "https://drafts.csswg.org/css-grid-2/"
  },
  {
    "ciuName": null,
    "description": "An API for allowing web developers to define their own layout modes with javascript.",
    "id": "css-layout-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302337",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification allows developing prototypes of new CSS layout systems and provides an escape hatch for developers when the existing systems aren't good enough for a particular piece of a web page.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Layout API",
    "url": "https://drafts.css-houdini.org/css-layout-api-1"
  },
  {
    "ciuName": "css-paint-api",
    "description": "An API for allowing web developers to define a custom CSS &lt;image> with javascript, which will respond to style and size changes.",
    "id": "css-paint-api",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/CSS_Painting_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302328",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification allows developing prototypes of new graphical CSS features and provides an escape hatch for developers when the existing features aren't good enough for a particular piece of a web page.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Painting API",
    "url": "https://drafts.css-houdini.org/css-paint-api-1"
  },
  {
    "ciuName": null,
    "description": "This CSS module defines an API for registering new CSS properties. Properties registered using this API are provided with a parse syntax that defines a type, inheritance behaviour, and an initial value.",
    "id": "css-properties-and-values-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273706",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification makes it significantly easier to use CSS custom properties in ways that are more like regular CSS properties.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Properties and Values API",
    "url": "https://drafts.css-houdini.org/css-properties-values-api-1"
  },
  {
    "ciuName": "mdn-css_at-rules_property",
    "description": "The @property rule represents a custom property registration directly in a stylesheet without having to run any JS.",
    "id": "at-property",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Having a declarative registration mechanism for custom properties is a good addition to CSS Properties and Values API.",
    "mozPositionIssue": 331,
    "org": "W3C",
    "title": "CSS Properties and Values API: @property",
    "url": "https://drafts.css-houdini.org/css-properties-values-api-1#at-property-rule"
  },
  {
    "ciuName": null,
    "description": "This specification defines the ::part() and ::theme() pseudo-elements on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.",
    "id": "css-shadow-parts",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 59,
    "org": "W3C",
    "title": "CSS Shadow Parts",
    "url": "https://drafts.csswg.org/css-shadow-parts"
  },
  {
    "ciuName": null,
    "description": "Converting CSSOM value strings into meaningfully typed JavaScript representations and back can incur a significant performance overhead. This specification exposes CSS values as typed JavaScript objects to facilitate their performant manipulation.",
    "id": "css-typed-om",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1278697",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification provides an easier way to manipulate the CSS object model.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Typed OM",
    "url": "https://drafts.css-houdini.org/css-typed-om-1"
  },
  {
    "ciuName": "mdn-css_properties_overflow_clip",
    "description": "overflow:clip is a feature of CSS Overflow Module Level 3 that is similar to overflow:hidden except without a formatting context or programmatic scrollability.",
    "id": "css-overflow-clip",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/overflow",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1531609",
    "mozPosition": "important",
    "mozPositionDetail": "This feature is both a useful declarative presentational feature for web developers and standardizes a non-standard -moz prefixed value.",
    "mozPositionIssue": 418,
    "org": "W3C",
    "title": "CSS overflow clip",
    "url": "https://drafts.csswg.org/css-overflow-3/#valdef-overflow-clip"
  },
  {
    "ciuName": null,
    "description": "This specification defines a HTTP/2 frame type to allow clients to inform the server of their cache's contents. Servers can then use this to inform their choices of what to push to clients.",
    "id": "http-cache-digest",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "This is experimental technology that might improve the use of server push by giving servers information about what is cached. It is still unclear how much this might improve performance; more experimentation is likely necessary to prove this out.",
    "mozPositionIssue": 131,
    "org": "IETF",
    "title": "Cache Digests for HTTP/2",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-cache-digest"
  },
  {
    "ciuName": null,
    "description": "This document defines an imperative mechanism which allows web developers to instruct a user agent to clear a site's locally stored data related to a host.",
    "id": "clear-site-data",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268889",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This feature is useful for sites to be able to recover from mistakes in deployment of certain web technologies like Service Workers, and thus makes them more confident about deploying such technology.",
    "mozPositionIssue": 90,
    "org": "W3C",
    "title": "Clear Site Data",
    "url": "https://w3c.github.io/webappsec-clear-site-data/"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of JavaScript APIs to compress and decompress streams of binary data.",
    "id": "compression-streams",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This provides a small API wrapper around compression formats implementations already have to support and hopefully leads to more things being compressed due to ease-of-use.",
    "mozPositionIssue": 207,
    "org": "Proposal",
    "title": "Compression Streams",
    "url": "https://wicg.github.io/compression/"
  },
  {
    "ciuName": null,
    "description": "This draft defines additions to CSSOM to make CSSStyleSheet objects directly constructable, along with a way to use them in DocumentOrShadowRoots.",
    "id": "construct-stylesheets",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 103,
    "org": "Proposal",
    "title": "Constructable Stylesheet Objects",
    "url": "https://wicg.github.io/construct-stylesheets/"
  },
  {
    "ciuName": null,
    "description": "This proposal adds an API for prompting and querying the user\u2019s contacts for one or more items with a handful of contact properties.",
    "id": "contact-picker",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This API innovates in some ways beyond several previous Contacts APIs, though uses different properties than HTML autofill field names.",
    "mozPositionIssue": 153,
    "org": "Proposal",
    "title": "Contact Picker API",
    "url": "https://wicg.github.io/contact-api/spec/"
  },
  {
    "ciuName": null,
    "description": "This document defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself.",
    "id": "cspee",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "This specification allows sites to specify minimum CSP policies for embedded content. The risk of problems arising from misalignment between different policies is managed well. The resulting complexity is not trivial, but it is balanced against the security improvements.",
    "mozPositionIssue": 326,
    "org": "W3C",
    "title": "Content Security Policy: Embedded Enforcement",
    "url": "https://w3c.github.io/webappsec-cspee/"
  },
  {
    "ciuName": "cookie-store-api",
    "description": "An asynchronous Javascript cookies API for documents and workers",
    "id": "cookie-store",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475599",
    "mozPosition": "defer",
    "mozPositionDetail": "This API provides better access to cookies. However, the improvements also expand access to cookie metadata and the interactions with privacy features like the Storage Access API are unclear. Work on improving cookie interoperability, which is ongoing, might be needed before an assessment can be made.",
    "mozPositionIssue": 94,
    "org": "Proposal",
    "title": "Cookie Store API",
    "url": "https://wicg.github.io/cookie-store/"
  },
  {
    "ciuName": null,
    "description": "This document defines a mechanism for reporting browser crashes to site owners through the use of the Reporting API.",
    "id": "crash-reporting",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607364",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This seems like it could be a useful addition to the reporting API.  We're not yet confident what level of user consent is needed, but we can experiment with that without changes to the specification.",
    "mozPositionIssue": 288,
    "org": "Proposal",
    "title": "Crash Reporting",
    "url": "https://wicg.github.io/crash-reporting/"
  },
  {
    "ciuName": "credential-management",
    "description": "This specification describes an imperative API enabling a website to request a user\u2019s credentials from a user agent, and to help the user agent correctly store user credentials for future use.",
    "id": "credman",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1156047",
    "mozPosition": "defer",
    "mozPositionDetail": "Development of the specification seems to have stalled and it's also not a priority for Mozilla.",
    "mozPositionIssue": 172,
    "org": "W3C",
    "title": "Credential Management Level 1",
    "url": "https://w3c.github.io/webappsec-credential-management/"
  },
  {
    "ciuName": null,
    "description": "Blocklist certain opaque responses based on MIME type and return an 'emptied' response instead.",
    "id": "corb",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459357",
    "mozPosition": "non-harmful",
    "mozPositionDetail": "While this is an important aspect of a robust Spectre-defense, we would like to see a safelist-based approach pursued, e.g., <a href=\"https://github.com/annevk/orb\">Opaque Response Blocking</a>.",
    "mozPositionIssue": 81,
    "org": "Proposal",
    "title": "Cross-Origin Read Blocking (CORB)",
    "url": "https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md"
  },
  {
    "ciuName": null,
    "description": "Add support for Curve25519 algorithms in the Web Cryptography API, namely the signature algorithm Ed25519 and the key agreement algorithm X25519.",
    "id": "webcrypto-curve25519",
    "mozBugUrl": "",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We are in favor of this work, but would like to see it have a path to standardization.  When doing that, it may be worth reconsidering some of the \"no seatbelts\" aspects of WebCrypto more generally, and perhaps adding other algorithms as well.",
    "mozPositionIssue": 271,
    "org": "Proposal",
    "title": "Curve25519 in the Web Cryptography API",
    "url": "https://github.com/tQsW/webcrypto-curve25519"
  },
  {
    "ciuName": "custom-elementsv1",
    "description": "A way to create new HTML elements implemented through JavaScript.",
    "id": "custom-elements",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A welcome successor to XBL!",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "Custom elements",
    "url": "https://html.spec.whatwg.org/multipage/custom-elements.html#custom-elements"
  },
  {
    "ciuName": null,
    "description": "Markup for ShadowRoot nodes.",
    "id": "declarative-shadow-dom",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "We're not convinced that the complexity this feature introduces upon the HTML parser carries its weight in terms of usefulness for web developers. There's also a risk that the processing model is not compatible with a future declarative custom elements feature as it was developed in isolation. Having said that, the proposal is a reasonable approach for this functionality that takes into account the various constraints and security considerations that come with changing the HTML parser.",
    "mozPositionIssue": 335,
    "org": "Proposal",
    "title": "Declarative Shadow DOM",
    "url": "https://github.com/mfreed7/declarative-shadow-dom/blob/master/README.md"
  },
  {
    "ciuName": null,
    "description": "This will allow custom elements to have \"default\" accessibility semantics, analogous to how built-in elements have \"implicit\" or \"native\" semantics.",
    "id": "custom-elements-a11y",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This is an important addition to custom elements as otherwise they'd have to publicly expose their internals in order to get accessibility correct.",
    "mozPositionIssue": 201,
    "org": "WHATWG",
    "title": "Default Accessibility Semantics for Custom Elements",
    "url": "https://github.com/whatwg/html/pull/4658"
  },
  {
    "ciuName": "document-policy",
    "description": "Document policy allows content to define a policy that constrains embedded content.",
    "id": "document-policy",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "The mechanism described provides sites greater control over embedded content. Constraints are accepted by content or the browser does not load the content. This ensures that policies are effective without risk of content breaking in inexplicable ways due to those policies. The specification needs a lot more work, but no significant problems are apparent or anticipated.",
    "mozPositionIssue": 327,
    "org": "W3C",
    "title": "Document Policy",
    "url": "https://w3c.github.io/webappsec-feature-policy/document-policy.html"
  },
  {
    "ciuName": null,
    "description": "This document defines a simple mechanism for encrypting the Server Name Indication for TLS 1.3.",
    "id": "tls-esni",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1494901",
    "mozPosition": "important",
    "mozPositionDetail": "This feature enables encryption of the server name in connection attempts. It provides much-needed protection against attempts by network observers to see what people are doing. This work is complementary with efforts to encrypt DNS requests that we are also driving.",
    "mozPositionIssue": 139,
    "org": "IETF",
    "title": "Encrypted Server Name Indication for TLS 1.3",
    "url": "https://tools.ietf.org/html/draft-ietf-tls-esni"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of Fetch metadata request headers that aim to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used.",
    "id": "fetch-metadata",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508292",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This gives servers useful context about requests that can be used to mitigate various security issues. The existing setup for embed/object elements gave some tough design challenges for this feature that were satisfactorily resolved. (There's also a reasonable expectation to be able to simplify these elements going forward.)",
    "mozPositionIssue": 88,
    "org": "W3C",
    "title": "Fetch Metadata Request Headers",
    "url": "https://github.com/w3c/webappsec-fetch-metadata"
  },
  {
    "ciuName": null,
    "description": "This proposal gives web applications a way to register their ability to handle (read, stream, edit) files with given MIME types and/or file extensions.",
    "id": "wicg-file-handling",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "Not far enough along to properly evaluate.",
    "mozPositionIssue": 158,
    "org": "Proposal",
    "title": "File Handling",
    "url": "https://github.com/WICG/file-handling/blob/master/explainer.md"
  },
  {
    "ciuName": "native-filesystem-api",
    "description": "This document defines a web platform API that lets websites gain write access to the local file system. It builds on File API, but adds lots of new functionality on top.",
    "id": "native-file-system",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "The ability to read and write from the filesystem is potentially very dangerous. We will need to carefully consider any solution in light of the security and privacy implications. We recognize that the spec authors take this issue seriously, but we are concerned that any solution will increase the risk of security incidents more than we are willing to tolerate. Right now, there isn't enough detail in the specification to make an assessment of these risks, so we will defer our decision until we have more information.",
    "mozPositionIssue": 154,
    "org": "Proposal",
    "title": "File System Access",
    "url": "https://wicg.github.io/file-system-access/"
  },
  {
    "ciuName": null,
    "description": "This document proposes a new web platform mechanism to declare a collection of related domains as being in a First-Party Set.",
    "id": "first-party-sets",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "We believe the definition of first party should be clear and understandable to users, web developers, and publishers, and thus ideally it should be based only on the top-level URL.  While we can't quite do that today because it isn't compatible with all sites, we'd like to move towards doing that, rather than standardizing a mechanism that moves away from that.  See <a href=\"https://github.com/privacycg/proposals/issues/17#issuecomment-641687052\">more details</a>.",
    "mozPositionIssue": 350,
    "org": "Proposal",
    "title": "First-Party Sets",
    "url": "https://github.com/WICG/first-party-sets"
  },
  {
    "ciuName": null,
    "description": "An API to enable objects other than built-in form control elements to participate in form submission, form validation, and so on.",
    "id": "form-participation-api",
    "mozBugUrl": [
      "https://bugzilla.mozilla.org/show_bug.cgi?id=1518442",
      "https://bugzilla.mozilla.org/show_bug.cgi?id=1552327"
    ],
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "These propose what seems likely to be a useful addition to allow custom controls to participate in form validation and submission.",
    "mozPositionIssue": 150,
    "org": "WHATWG",
    "title": "Form Participation API",
    "url": "https://github.com/whatwg/html/pull/4383"
  },
  {
    "ciuName": null,
    "description": "A proposal for using URL fragments with spaces in them to select a bit of text to highlight and scroll to",
    "id": "fragmention",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We feel that some of the use cases this proposal addresses are very important to address, but worry about the lack of a clear processing model and about possible compat constraints that may need implementation experience to fully understand.  More details are in the position issue.  See also the <a href=\"#scroll-to-text-fragment\">position on Scroll to Text Fragment</a>, which aims to address similar use cases.",
    "mozPositionIssue": 234,
    "org": "Proposal",
    "title": "Fragmention",
    "url": "https://indieweb.org/fragmention"
  },
  {
    "ciuName": null,
    "description": "This specification defines a framework for exposing sensor data to the Open Web Platform in a consistent way. It does so by defining a blueprint for writing specifications of concrete sensors along with an abstract Sensor interface that can be extended to accommodate different sensor types.",
    "id": "generic-sensor",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Sensor_APIs",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "The purpose of most sensors and their associated risks are incredibly hard to convey to users, which means we cannot get informed consent. We are interested in addressing the use cases websites need sensors for in ways that do not give websites access to the sensors directly as that is rife with security and privacy issues.",
    "mozPositionIssue": 35,
    "org": "W3C",
    "title": "Generic Sensor API",
    "url": "https://w3c.github.io/sensors/"
  },
  {
    "ciuName": null,
    "description": "This specification defines the GeolocationSensor interface for obtaining the geolocation of the hosting device.",
    "id": "geolocation-sensor",
    "mdnUrl": "",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Given that the web already has a geolocation API, any additional API for the same purpose would have to meet a high bar as both will need to be maintained forever. While the document claims to improve security and privacy, there is no evidence that is the case. And as it can be largely polyfilled on top of the existing API, it seems better to invest in web platform geolocation additions there, if any.",
    "mozPositionIssue": 36,
    "org": "W3C",
    "title": "Geolocation Sensor",
    "url": "https://w3c.github.io/geolocation-sensor/"
  },
  {
    "ciuName": "mdn-api_navigator_getinstalledrelatedapps",
    "description": "The Get Installed Related Apps API allows web apps to detect if related apps are installed on the current device.",
    "id": "get-installed-related-apps",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "This feature increases the fingerprinting surface of browsers without sufficient safeguards.",
    "mozPositionIssue": 213,
    "org": "Proposal",
    "title": "Get Installed Related Apps API",
    "url": "https://wicg.github.io/get-installed-related-apps/spec"
  },
  {
    "ciuName": "imports",
    "description": "HTML Imports are a way to include and reuse HTML documents in other HTML documents.",
    "id": "html-imports",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Mozilla anticipated that JavaScript modules would change the landscape here and would rather invest in evolving that, e.g., through HTML Modules. Having a single mechanism to deal with dependencies rather than several, potentially conflicting systems, seems preferable.",
    "mozPositionIssue": 60,
    "org": "W3C",
    "title": "HTML Imports",
    "url": "https://www.w3.org/TR/2016/WD-html-imports-20160225"
  },
  {
    "ciuName": null,
    "description": "An extension of the ES6 Script Modules system to include HTML Modules. These will allow web developers to package and access declarative content from script in a way that allows for good componentization and reusability, and integrates well into the existing ES6 Modules infrastructure.",
    "id": "html-modules",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 137,
    "org": "WHATWG",
    "title": "HTML Modules",
    "url": "https://github.com/w3c/webcomponents/blob/gh-pages/proposals/html-modules-explainer.md"
  },
  {
    "ciuName": null,
    "description": "Overhaul the <code>autofocus</code> processing model to better match browser behavior, fit better within the specification ecosystem, and avoid bad results for users.",
    "id": "autofocus-overhaul",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1574435",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 195,
    "org": "WHATWG",
    "title": "HTML autofocus attribute overhaul",
    "url": "https://github.com/whatwg/html/pull/4763"
  },
  {
    "ciuName": "mdn-api_htmlvideoelement_requestvideoframecallback",
    "description": "&lt;video>.requestVideoFrameCallback() allows web authors to be notified when a frame has been presented for composition.",
    "id": "requestVideoFrameCallback",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This is intended to allow web authors to do efficient per-video-frame processing of video, such as video processing and painting to a canvas, video analysis, or synchronization with external audio sources.",
    "mozPositionIssue": 250,
    "org": "Proposal",
    "title": "HTMLVideoElement.requestVideoFrameCallback()",
    "url": "https://wicg.github.io/video-rvfc"
  },
  {
    "ciuName": null,
    "description": "This document defines two independent HTTP Cache-Control extensions that allow control over the use of stale responses by caches. This document is not an Internet Standards Track specification; it is published for informational purposes.",
    "id": "http-stale-controls",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The stale-while-revalidate cache control extension appears to provide improved user experience with no obvious drawbacks. We take no position on the other mechanisms in RFC 5861 at this time.",
    "mozPositionIssue": 144,
    "org": "Proposal",
    "title": "HTTP Cache-Control Extensions for Stale Content",
    "url": "https://tools.ietf.org/html/rfc5861"
  },
  {
    "ciuName": "client-hints-dpr-width-viewport",
    "description": "An increasing diversity of Web-connected devices and software capabilities has created a need to deliver optimized content for each device. This specification defines an extensible and configurable set of HTTP request header fields, colloquially known as Client Hints, to address this. They are intended to be used as input to proactive content negotiation; just as the Accept header field allows user agents to indicate what formats they prefer, Client Hints allow user agents to indicate device and agent specific preferences.",
    "id": "http-client-hints",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#Client_hints",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=935216",
    "mozPosition": "non-harmful",
    "mozPositionDetail": "Architecturally, Mozilla prefers client-side solutions for retrieving alternate versions of content, such as the HTML &lt;picture> tag. Despite these architectural preferences, we find that Client-Hints do not present a concrete harm to the web or to its users. ",
    "mozPositionIssue": 79,
    "org": "IETF",
    "title": "HTTP Client Hints",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-client-hints"
  },
  {
    "ciuName": null,
    "description": "The imperative slotting API allows the developer to explicitly set the assigned nodes for a slot element.",
    "id": "imperative-shadow-dom",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The proposal is a relatively small addition to the existing Shadow DOM API and can make it easier to use Shadow DOM.",
    "mozPositionIssue": 409,
    "org": "WHATWG",
    "title": "Imperative Shadow DOM Distribution API",
    "url": "https://github.com/w3c/webcomponents/blob/gh-pages/proposals/Imperative-Shadow-DOM-Distribution-API.md"
  },
  {
    "ciuName": null,
    "description": "The Import Assertions and JSON modules proposal adds an inline syntax for module import statements to pass on more information alongside the module specifier, and an initial application for such attributes in supporting JSON modules in a common way across JavaScript environments.",
    "id": "import-attributes",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1648614",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This proposal enables the importing of JSON content into a JS module. This mechanism is a prerequisite for HTML/CSS/JSON modules.",
    "mozPositionIssue": 373,
    "org": "Ecma",
    "title": "Import Assertions",
    "url": "https://tc39.es/proposal-import-assertions/"
  },
  {
    "ciuName": "import-maps",
    "description": "Import maps allow web pages to control the behavior of JavaScript imports.",
    "id": "import-maps",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1688879",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We support the overall intent of the proposal and consider it worth prototyping. There are a few technical details that may require some care, in particular the relationship between speculative parsing and dynamic import maps.",
    "mozPositionIssue": 146,
    "org": "Proposal",
    "title": "Import Maps",
    "url": "https://wicg.github.io/import-maps/"
  },
  {
    "ciuName": null,
    "description": "This document proposes a few changes to cookies inspired by the properties of the HTTP State Tokens mechanism.  First, cookies should be treated as \"SameSite=Lax\" by default.  Second, cookies that explicitly assert \"SameSite=None\" in order to enable cross-site delivery should also be marked as \"Secure\".  Third, same-site should take the scheme of the sites into account.  Fourth, cookies should respect schemes.  Fifth, cookies associated with non-secure schemes should be removed at the end of a user's session.  Sixth, the definition of a session should be tightened.",
    "id": "cookie-incrementalism",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Any approach that reduces the scope of cookie use is a security and privacy win. Because some such changes can break websites that rely on the broader scope, we would like to proceed with caution, but believe that the feature is worth experimenting with and collecting data about.",
    "mozPositionIssue": 260,
    "org": "Proposal",
    "title": "Incrementally Better Cookies",
    "url": "https://tools.ietf.org/html/draft-west-cookie-incrementalism"
  },
  {
    "ciuName": "mdn-api_keyboardlayoutmap",
    "description": "This specification defines an API that allows websites to convert from a given code value to a valid key value that can be shown to the user to identify the given key. The conversion from code to key is based on the user\u2019s currently selected keyboard layout. It is intended to be used by web applications that want to treat the keyboard as a set of buttons and need to describe those buttons to the user.",
    "id": "keyboard-map",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1469017",
    "mozPosition": "harmful",
    "mozPositionDetail": "We're concerned that this exposes keyboard layouts, which seem likely to be a significant source of fingerprinting data, in a way that does not require any user interaction.",
    "mozPositionIssue": 300,
    "org": "Proposal",
    "title": "Keyboard Map",
    "url": "https://wicg.github.io/keyboard-map/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API that provides web page authors with insights into the stability of their pages based on movements of the elements on the page.",
    "id": "layout-instability",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651528",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We're somewhat uneasy about the potential burden that this feature imposes on sites that don't use it, due to the requirements of the \"buffered\" flag.  However, setting that reservation aside, we think this sort of feature is worth exploring.  We've filed spec issues on that reservation and on some other points that need clarity.",
    "mozPositionIssue": 374,
    "org": "Proposal",
    "title": "Layout Instability API",
    "url": "https://wicg.github.io/layout-instability/"
  },
  {
    "ciuName": "loading-lazy-attr",
    "description": "Enabling images to be fetched at a later time, when the user is likely to look at them.",
    "id": "loading-lazy-attr",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-loading",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542784",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "As currently scoped in the HTML pull request this is a reasonable addition to how images are fetched. (Note that the scope on Can I use is slightly bigger. Frames are likely a reasonable addition, but have their own set of design challenges.)",
    "mozPositionIssue": 151,
    "org": "WHATWG",
    "title": "Lazy loading (of images)",
    "url": "https://github.com/whatwg/html/pull/3752"
  },
  {
    "ciuName": null,
    "description": "This document updates RFC 6761 with the goal of ensuring that \"localhost\" can be safely relied upon as a name for the local host's loopback interface. To that end, stub resolvers are required to resolve localhost names to loopback addresses. Recursive DNS servers are required to return \"NXDOMAIN\" when queried for localhost names, making non-conformant stub resolvers more likely to fail and produce problem reports that result in updates. Together, these requirements would allow applications and specifications to join regular users in drawing the common-sense conclusions that \"localhost\" means \"localhost\", and doesn't resolve to somewhere else on the network.",
    "id": "let-localhost-be-localhost",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220810",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The proposal, to the extent it applies to browsers, is to hardcode localhost to always resolve to a loopback address instead of invoking the resolver library to perform such translation. Since browsers (including Firefox) treat files hosted on localhost to be more privileged than remote content, this proposal seems to be a good belt-and-suspenders approach to prevent certain exploits.",
    "mozPositionIssue": 121,
    "org": "IETF",
    "title": "Let 'localhost' be localhost.",
    "url": "https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost"
  },
  {
    "ciuName": null,
    "description": "This describes APIs for TCP and UDP communication with arbitrary hosts",
    "id": "low-level-sockets",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "This API creates a way to circumvent protections, in particular the same-origin policy, that have been developed to protect these services. The safeguards outlined in the explainer are inadequate and incomplete. Relying on user consent is not a sufficient safeguard if this capability were to be exposed to the web.",
    "mozPositionIssue": 431,
    "org": "Proposal",
    "title": "Low-level (Raw) Sockets API",
    "url": "https://github.com/WICG/raw-sockets/blob/master/docs/explainer.md"
  },
  {
    "ciuName": null,
    "description": "This specification enables web developers to show personalized media recommendations on the browser UI.",
    "id": "media-feeds",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Media feeds uses harmful technologies to amplify a harmful feature. Many of the capabilities this enables are available to sites in other ways. For those capabilities that are not, extensions to the <a href=\"https://w3c.github.io/mediasession/\">Media Session API</a> would be preferable.",
    "mozPositionIssue": 370,
    "org": "Proposal",
    "title": "Media Feeds",
    "url": "https://wicg.github.io/media-feeds/"
  },
  {
    "ciuName": "mdn-api_mediastreamtrack_contenthint",
    "description": "This specification extends MediaStreamTrack to let web applications provide an optional media-content hint attribute. This helps sinks like RTCPeerConnection or MediaRecorder select encoder parameters and processing algorithms appropriately based on a hint about the nature of the content being consumed without having to examine the actual content.",
    "id": "mst-content-hint",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Content Hints is a welcome higher-level abstraction that does not require broad knowledge and tuning of video encoder, audio-processing, and congestion controls directly. Early concerns over lack of specificity around how hints interact with the lower-level controls they complement have been addressed.",
    "mozPositionIssue": 101,
    "org": "W3C",
    "title": "MediaStreamTrack Content Hints",
    "url": "https://w3c.github.io/mst-content-hint/"
  },
  {
    "ciuName": "netinfo",
    "description": "The Network Information API enables web applications to access information about the network connection in use by the device.",
    "id": "netinfo",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1057169",
    "mozPosition": "harmful",
    "mozPositionDetail": "This API provides information about a client's network connection, which allows sites to obtain additional information about clients and their environment. It is better that sites use methods that dynamically adapt to available bandwidth, as that is more accurate and likely to be applicable in the moment.",
    "mozPositionIssue": 117,
    "org": "Proposal",
    "title": "Network Information API",
    "url": "https://wicg.github.io/netinfo"
  },
  {
    "ciuName": null,
    "description": "This specification defines a delivery mechanism for a number of policies which are to be applied to an entire origin. It compliments header-based delivery mechanisms for existing policies (Content Security Policy, Referrer Policy, etc).",
    "id": "origin-policy",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508290",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Giving developers the ability to set policies for an entire origin is a powerful new primitive that will benefit security of applications as well as performance due to the ability to bypass CORS preflights. The renewed effort to make this happen takes a strong anti-tracking stance that is in line with our efforts around privacy in Fetch, such as isolating the HTTP cache. Given this, it seems worth figuring out if this can be made viable.",
    "mozPositionIssue": 160,
    "org": "Proposal",
    "title": "Origin Policy",
    "url": "https://wicg.github.io/origin-policy/"
  },
  {
    "ciuName": null,
    "description": "This feature allows for an agent cluster to be keyed by origin rather than site.",
    "id": "domenic-origin-isolation",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665474",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Letting developers opt out of document.domain and reduce the potential size of their agent cluster allows user agents to balance security, performance, and resource management.",
    "mozPositionIssue": 244,
    "org": "WHATWG",
    "title": "Origin-Keyed Agent Clusters",
    "url": "https://html.spec.whatwg.org/multipage/origin.html#origin-isolation"
  },
  {
    "ciuName": null,
    "description": "This specification defines capabilities that enable Web applications to handle requests for payment.",
    "id": "payment-handler",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1465682",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The Payment Handler API has the potential to enable an open and secure payments ecosystem for the Web. At the same time, we remain concerned about some of the user interface requirements, and by the privacy and security assumptions made in the specification. We've raised our concerns at the W3C, and are working with the Payments working group to address those concerns. We hope that by prototyping the API we will actively address the privacy, security, and UI concerns; and fix those in the specification too. Additionally, having a working prototype will allow us to closely collaborate with the developer community and financial industry. By doing so, we will gain a better understanding of how we can solve the challenges we'll face, were we to eventually ship this API.",
    "mozPositionIssue": 23,
    "org": "W3C",
    "title": "Payment Handler API",
    "url": "https://w3c.github.io/payment-handler"
  },
  {
    "ciuName": null,
    "description": "This specification defines the machine-readable manifest file, known as a payment method manifest, describing how a payment method participates in the Web Payments ecosystem, and how such files are to be used.",
    "id": "payment-method-manifest",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We'd like to defer this for the same reasons as Payment Handler, given that it is closely related.",
    "mozPositionIssue": 22,
    "org": "W3C",
    "title": "Payment Method Manifest",
    "url": "https://w3c.github.io/payment-method-manifest"
  },
  {
    "ciuName": "background-sync",
    "description": "This specification describes a method that enables web applications to synchronize data in the background.",
    "id": "periodic-background-sync",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site.  We might reconsider this position given evidence that these concerns can be safely addressed, however, addressing them for periodic background sync appears substantially harder than doing so for one-off background sync.",
    "mozPositionIssue": 214,
    "org": "Proposal",
    "title": "Periodic Background Synchronization",
    "url": "https://github.com/WICG/BackgroundSync/blob/master/explainers/periodicsync-explainer.md"
  },
  {
    "ciuName": "permissions-api",
    "description": "The Permissions Standard defines common infrastructure for other specifications that need to interact with browser permissions. It also defines an API to allow web applications to query and request changes to the status of a given permission.",
    "id": "permissions",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API",
    "mozBugUrl": null,
    "mozPosition": "important",
    "mozPositionDetail": "Mozilla believes that the ability to work with user permissions is critical for user agency. There are certain aspects of the API that are not suitable for the permissions model used in Firefox and so we would like to work on improving several aspects of the API. In particular, we think that the way that status of permissions needs to more accurately reflect the different states that exist or could exist. We also think that the interactions with Feature Policy need to be better clarified. We're committed to fixing this, because permissions has become critical in making the web a more capable platform and it is important to ensure that we preserve user control over their online experience.",
    "mozPositionIssue": 19,
    "org": "W3C",
    "title": "Permissions",
    "url": "https://w3c.github.io/permissions/"
  },
  {
    "ciuName": "permissions-policy",
    "description": "This specification defines a mechanism that allows developers to selectively enable and disable use of various browser features and APIs.",
    "id": "feature-policy",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1390801",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Mozilla's primary interest in this specification is in the delegation of permissions to third-party contexts that are not granted there by default. To that end we have shipped the allow attribute. The recently revised Permissions-Policy header seems worth prototyping and would allow for sites to impose restrictions on themselves. We hope that the JavaScript API can be folded into the Permissions API and have not evaluated the reporting functionality as of yet.",
    "mozPositionIssue": 24,
    "org": "W3C",
    "title": "Permissions Policy",
    "url": "https://w3c.github.io/webappsec-permissions-policy/"
  },
  {
    "ciuName": "picture-in-picture",
    "description": "This specification intends to provide APIs to allow websites to create a floating video window always on top of other windows so that users may continue consuming media while they interact with other content sites, or applications on their device.",
    "id": "picture-in-picture",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We ship Picture-in-Picture (PiP) as a feature in Firefox, but without exposing a JavaScript API. We are evaluating if our PiP UI affordances are sufficient for users and web applications. In the future, we may reconsider exposing the API, which is why we have chosen to 'defer'.",
    "mozPositionIssue": 72,
    "org": "Proposal",
    "title": "Picture-in-Picture",
    "url": "https://wicg.github.io/picture-in-picture/"
  },
  {
    "ciuName": "portals",
    "description": "This specification defines a mechanism that allows for rendering of, and seamless navigation to, embedded content.",
    "id": "portals",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "While we are deferring evaluation of this proposal, because per <a href=\"https://github.com/mozilla/standards-positions/issues/157#issuecomment-636217042\">Domenic's comment</a> it is in the early stages of development and it is too early to evaluate fully, there are concerns (serious enough to mark it as harmful) that we would like to see addressed as it develops.  Most significantly, it needs to explain its interaction with the Web's storage mechanisms in a way that doesn't contribute to third-party tracking or reduce the effectiveness of proposals designed to mitigate such tracking (such as those that partition storage based on toplevel origins).  It also needs to justify the (still undetermined) amount of complexity that it adds to the web platform with sufficiently valuable use cases to justify that complexity.",
    "mozPositionIssue": 157,
    "org": "Proposal",
    "title": "Portals",
    "url": "https://wicg.github.io/portals/"
  },
  {
    "ciuName": null,
    "description": "This specification defines a privacy preserving way to attribute a conversion, such as a purchase or a sign-up, to a previous ad click.",
    "id": "private-click-measurement",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We're interested in this specification in order to support a way for a click source to measure conversions as a result of the user clicking on an ad without sharing user-identifying information with the click source in the third-party context.  However, we are waiting to take a position until the fraud preventions that it depends on are specified and we can understand their properties.",
    "mozPositionIssue": 161,
    "org": "Proposal",
    "title": "Private Click Measurement",
    "url": "https://privacycg.github.io/private-click-measurement/"
  },
  {
    "ciuName": null,
    "description": "This document specifies modifications to Fetch which are intended to mitigate the risks associated with unintentional exposure of devices and servers on a client\u2019s internal network to the web at large.",
    "id": "cors-and-rfc1918",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1481298",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "While imperfect and arguably at odds with Internet architecture, localhost and local networks of end users are vulnerable to attacks that this protocol will help mitigate.",
    "mozPositionIssue": 143,
    "org": "Proposal",
    "title": "Private Network Access",
    "url": "https://wicg.github.io/private-network-access/"
  },
  {
    "ciuName": null,
    "description": "Powerful web applications would like to exchange data with native applications via the OS clipboard (copy-paste). The existing Web Platform has a high-level API that supports the most popular standardized data types (text, image, rich text) across all platforms. However, this API does not scale to the long tail of specialized formats. In particular, non-web-standard formats like TIFF (a large image format), and proprietary formats like .docx (a document format), are not supported by the current Web Platform. Raw Clipboard Access aims to provide a low-level API solution to this problem, by implementing copying and pasting of data with any arbitrary Clipboard type, without encoding and decoding.",
    "id": "raw-clipboard-access",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "The current proposal has significant risks of attacks on native applications.  Some of these attacks may be mitigated by pickling or other similar solutions.  If such a solution is incorporated, we would be willing to reevaluate this proposal.",
    "mozPositionIssue": 206,
    "org": "Proposal",
    "title": "Raw Clipboard Access",
    "url": "https://github.com/WICG/raw-clipboard-access/"
  },
  {
    "ciuName": null,
    "description": "A TC39 proposal to add an .at() method to all the basic indexable classes (Array, String, TypedArray) which allows relative indexing of collection.",
    "id": "relative-indexing-method",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658308",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Relative indexing is useful for typed arrays and arrays and will be a quality of life improvement for developers.",
    "mozPositionIssue": 458,
    "org": "Ecma",
    "title": "Relative indexing method",
    "url": "https://github.com/tc39/proposal-relative-indexing-method"
  },
  {
    "ciuName": null,
    "description": "This document defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features can use these endpoints to deliver feature-specific reports in a consistent manner.",
    "id": "reporting",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620573",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This is a reasonable generalization of the CSP reporting mechanism that allows more features to adopt it.",
    "mozPositionIssue": 104,
    "org": "W3C",
    "title": "Reporting API",
    "url": "https://w3c.github.io/reporting/"
  },
  {
    "ciuName": null,
    "description": "A way to force an embedded document and descendants (regardless of origin) into each having their own agent/event loop.",
    "id": "documentaccess",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Changing control flow of cross-origin documents without their consent is not something we should expand upon (i.e., beyond what sandboxing allows) as it could enable attack vectors. Furthermore, forcing same-origin documents in the same browsing context group to be in different agents is a major architectural change and this does not offer enough advantages to make such a change.",
    "mozPositionIssue": 197,
    "org": "Proposal",
    "title": "Restricting Document Access of Same Origin Documents",
    "url": "https://github.com/dtapuska/documentaccess"
  },
  {
    "ciuName": "mdn-api_sanitizer",
    "description": "The Sanitizer API allows turning supplied HTML into a safe HTML DOM tree",
    "id": "sanitizer-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1650370",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This could be useful, since libraries exists and the browser could do it better.",
    "mozPositionIssue": 106,
    "org": "Proposal",
    "title": "Sanitizer API",
    "url": "https://wicg.github.io/sanitizer-api/"
  },
  {
    "ciuName": null,
    "description": "Reducing the scope of cookies by including the URL scheme in their keying material as well as reducing the lifetime of non-secure cookies.",
    "id": "scheming-cookies",
    "mozBugUrl": null,
    "mozPosition": "important",
    "mozPositionDetail": "Reducing the scope of cookies along this axis is a major win.",
    "mozPositionIssue": 298,
    "org": "Proposal",
    "title": "Scheme-Bound Cookies",
    "url": "https://github.com/mikewest/scheming-cookies"
  },
  {
    "ciuName": "wake-lock",
    "description": "This document specifies an API that allows web applications to request a screen wake lock. Under the right conditions, and if allowed, the screen wake lock prevents the system from turning off a device's screen.",
    "id": "screen-wake-lock",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1589554",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "As the scope of the specification has been reduced to screen wake locks, it's worth prototyping this API in a manner that restricts it to foreground first-party content. Additionally, the API appears flexible enough that a permission grant can be performed asynchronously, allowing us to evaluate the most appropriate permission model should we choose to ship this API in the future. As the API allows the capability to be revoked at any time, we can also prototype eagerly granting, notifying the user what's going on, and allowing users to disable the capability entirely - either per origin, or globally through a browser setting. There is a risk that sites could abuse the API for the sake of engagement, which could unnecessarily drain a device's battery. It could also be a nuisance or be used for social engineering attacks: such as disabling the system's ability to password-lock a device when the screen doesn't switch off if the user leaves their device unattended. Prototyping this capability would allow us to further evaluate how to best mitigate the aforementioned concerns.",
    "mozPositionIssue": 210,
    "org": "W3C",
    "title": "Screen Wake Lock API",
    "url": "https://w3c.github.io/wake-lock/"
  },
  {
    "ciuName": "url-scroll-to-text-fragment",
    "description": "A proposal for extending URL fragment syntax with a list of text bits to highlight and scroll to",
    "id": "scroll-to-text-fragment",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "We feel that some of the use cases this proposal addresses are very important to address, but that this specific proposal introduces various harmful aspects in the process of addressing them.  We feel that it would be worth prototyping a proposal with those harmful aspects removed.  More details are in the position issue.  See also the <a href=\"#fragmention\">position on Fragmention</a>, which aims to address similar use cases.",
    "mozPositionIssue": 194,
    "org": "Proposal",
    "title": "Scroll to Text Fragment",
    "url": "https://github.com/WICG/ScrollToTextFragment"
  },
  {
    "ciuName": null,
    "description": "A use of TLS Exported Authenticators is described which enables HTTP/2 clients and servers to offer additional certificate-based credentials after the connection is established. The means by which these credentials are used with requests is defined.",
    "id": "http2-secondary-certs",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification enables client authentication in HTTP/2, which is of some benefit. However, it is the server authentication that is most interesting from a privacy perspective. There are some challenges that would need to be worked through before this could be deployed in anything other than an experiment.",
    "mozPositionIssue": 175,
    "org": "IETF",
    "title": "Secondary Certificate Authentication in HTTP/2",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs"
  },
  {
    "ciuName": "mdn-api_serial",
    "description": "The Serial API provides a way for websites to read and write from a serial device through script. Such an API would bridge the web and the physical world, by allowing documents to communicate with devices such as microcontrollers, 3D printers, and other serial devices. There is also a companion explainer document.",
    "id": "webserial",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=webserial",
    "mozPosition": "harmful",
    "mozPositionDetail": "Devices that offer serial interfaces often expose powerful, low-level functions over the interface with little or no authentication. Exposing that sort of capability to the web without adequate safeguards presents a significant threat to those devices.",
    "mozPositionIssue": 336,
    "org": "Proposal",
    "title": "Serial API",
    "url": "https://wicg.github.io/serial"
  },
  {
    "ciuName": null,
    "description": "This document specifies the \"SVCB\" and \"HTTPSSVC\" DNS resource record types to facilitate the lookup of information needed to make connections for origin resources, such as for HTTPS URLs. SVCB records allow an origin to be served from multiple network locations, each with associated parameters (such as transport protocol configuration and keying material for encrypting TLS SNI). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPSSVC DNS RR is a variation of SVCB for HTTPS and HTTP origins. By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy.",
    "id": "dnsop-svcb-httpssvc",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "While there are some details of the proposal that may require refining, we beleive that this is a promising approach to support Encrypted SNI, and may help improve user experience with HTTP/3.",
    "mozPositionIssue": 208,
    "org": "IETF",
    "title": "Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC)",
    "url": "https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc"
  },
  {
    "ciuName": "shadowdomv1",
    "description": "A way to give a node in the DOM a hidden subtree in which the children of the node can be inserted.",
    "id": "shadow-trees",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A welcome successor to XBL!",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "Shadow trees (formerly known as Shadow DOM)",
    "url": "https://dom.spec.whatwg.org/#shadow-trees"
  },
  {
    "ciuName": "sxg",
    "description": "This document specifies how a server can send an HTTP request/ response pair, known as an exchange, with signatures that vouch for that exchange's authenticity. These signatures can be verified against an origin's certificate to establish that the exchange is authoritative for an origin even if it was transferred over a connection that isn't. The signatures can also be used in other ways described in the appendices. These signatures contain countermeasures against downgrade and protocol-confusion attacks.",
    "id": "http-origin-signed-responses",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Mozilla has concerns about the shift in the web security model required for handling web-packaged information. Specifically, the ability for an origin to act on behalf of another without a client ever contacting the authoritative server is worrisome, as is the removal of a guarantee of confidentiality from the web security model (the host serving the web package has access to plain text). We recognise that the use cases satisfied by web packaging are useful, and would be likely to support an approach that enabled such use cases so long as the foregoing concerns could be addressed.",
    "mozPositionIssue": 29,
    "org": "Proposal",
    "title": "Signed HTTP Exchanges",
    "url": "https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses"
  },
  {
    "ciuName": "",
    "description": "The Storage Access API provides a means for authenticated cross-site embeds to check their blocking status and request access to storage if they are blocked.",
    "id": "storage-access-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1469714",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "In our current efforts to limit the impact of cross-site tracking there are cases where we may unintentionally break parts of web pages that users depend on. The storage access API provides a programmatic way for affected embedded content to fix these types of broken experiences for the user.  Also, in our upcoming efforts to limit the potential capabilities for unknown third-parties to track the user, we would like to continue to restrict the storage capabilities of the third-party context. The storage access API similarly provides a programmatic path for the embedded widgets which cannot work correctly without access to their data.  It isn't an ideal solution, for example our implementation falls back to prompting the user if it cannot automatically determine whether access should be granted or not, but it is a step in the right direction in the game of reversing the current defaults of the web, that is granting permissive storage access rights to all third-party contexts unconditionally.",
    "mozPositionIssue": 280,
    "org": "Proposal",
    "title": "Storage Access API",
    "url": "https://github.com/privacycg/storage-access"
  },
  {
    "ciuName": "streams",
    "description": "This specification provides APIs for creating, composing, and consuming streams of data that map efficiently to low-level I/O primitives.",
    "id": "streams",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Streams_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128959",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Streams are an important building block for many APIs, in particular around networking and media.",
    "mozPositionIssue": 70,
    "org": "WHATWG",
    "title": "Streams",
    "url": "https://streams.spec.whatwg.org"
  },
  {
    "ciuName": null,
    "description": "This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header fields. It is intended for use by specifications of new HTTP header fields that wish to use a common syntax that is more restrictive than traditional HTTP field values.",
    "id": "structured-headers",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631722",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Use of structured headers promises to improve consistency and interoperability of new HTTP header fields. Depending on further security analysis, we may upgrade this feature to 'important' in the future.",
    "mozPositionIssue": 256,
    "org": "IETF",
    "title": "Structured Headers for HTTP",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-header-structure"
  },
  {
    "ciuName": null,
    "description": "Serializing and deserializing JavaScript Error objects.",
    "id": "errors-structured-cloning",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556604",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Good extension to the object serialization algorithm (StructuredSerializeInternal) as currently there is no way to serialize errors.",
    "mozPositionIssue": 165,
    "org": "WHATWG",
    "title": "Structured cloning of errors",
    "url": "https://github.com/whatwg/html/issues/4268"
  },
  {
    "ciuName": null,
    "description": "This document specifies the Privacy Pass protocol for anonymously authorizing clients with services on the Internet.  Note to Readers Source for this draft and an issue tracker can be found at https://github.com/grittygrease/draft-privacy-pass [1].",
    "id": "privacy-pass",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This protocol provides a way to achieve certain important goals, such as denial of service mitigation, without also creating tracking mechanisms.  As such, we are very supportive of the goal.  However, we will defer making a firm position until the protocol and the novel cryptographic primitives it relies on have had more thorough security analysis.",
    "mozPositionIssue": 261,
    "org": "Proposal",
    "title": "The Privacy Pass Protocol",
    "url": "https://tools.ietf.org/html/draft-privacy-pass"
  },
  {
    "ciuName": null,
    "description": "The WebTransport Protocol Framework enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. It consists of a set of individual protocols that are safe to expose to untrusted applications, combined with a model that allows them to be used interchangeably. This document defines the overall requirements on the protocols used in WebTransport, as well as the common features of the protocols, support for some of which may be optional.",
    "id": "webtransport",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We are generally in support of a mechanism that addresses the use cases implied by this solution document. While major questions remain open at this time -- notably, multiplexing, the API surface, and available statistics -- we think that prototyping the proposed solution as details become more firm would be worthwhile. We would like see the new WebSocketStream and WebTransport stream APIs to be developed in concert with each other, so as to share as much design as possible.",
    "mozPositionIssue": 167,
    "org": "Proposal",
    "title": "The WebTransport Protocol Framework",
    "url": "https://tools.ietf.org/html/draft-vvv-webtransport-overview"
  },
  {
    "ciuName": "mdn-javascript_operators_await_top_level",
    "description": "Top-level await enables modules to act as big async functions: With top-level await, ECMAScript Modules (ESM) can await resources, causing other modules who import them to wait before they start evaluating their body.",
    "id": "top-level-await",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1519100",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "An ergonomic way of handling modules that contain top level asynchronous work.",
    "mozPositionIssue": 444,
    "org": "Ecma",
    "title": "Top-Level Await",
    "url": "https://github.com/tc39/proposal-top-level-await"
  },
  {
    "ciuName": null,
    "description": "In Transport Layer Security (TLS) handshakes, certificate chains often take up the majority of the bytes transmitted. This document describes how certificate chains can be compressed to reduce the amount of data transmitted and avoid some round trips.",
    "id": "tls-certificate-compression",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "Compression of certificates should provide some performance advantages.",
    "mozPositionIssue": 96,
    "org": "IETF",
    "title": "Transport Layer Security (TLS) Certificate Compression",
    "url": "https://tools.ietf.org/html/draft-ietf-tls-certificate-compression"
  },
  {
    "ciuName": null,
    "description": "This document is an explainer for a potential future web platform API that allows propagating trust across sites, using the Privacy Pass protocol as an underlying primitive.",
    "id": "trust-token",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This API depends on the Privacy Pass protocol, for which we have deferred our position statement.",
    "mozPositionIssue": 262,
    "org": "Proposal",
    "title": "Trust Token API",
    "url": "https://github.com/WICG/trust-token-api/blob/master/README.md"
  },
  {
    "ciuName": "trusted-types",
    "description": "An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.",
    "id": "trusted-types",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "The API could be used to harden sites against certain cross-site scripting issues, but it is sufficiently complex that we are concerned that it will not be suitable for many sites.",
    "mozPositionIssue": 20,
    "org": "W3C",
    "title": "Trusted Types",
    "url": "https://w3c.github.io/webappsec-trusted-types/dist/spec"
  },
  {
    "ciuName": null,
    "description": "The QID Emoji Tag Sequences (or QID emoji, for short) have been proposed to provide a well-defined mechanism for implementations to support additional valid emoji that are not representable by Unicode characters or emoji zwj sequences. This mechanism allows for the interchange of emoji whose meaning is discoverable, and which should be correctly parsed by all conformant implementations (although only displayed by implementations that support it). The meaning of each of these valid emoji is established by reference to a Wikidata QID.",
    "id": "unicode-emoji-qid",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Mozilla has a number of concerns about this proposal, including: (a) the lack of reference glyphs is likely to increase miscommunication between users; (b) having a formal, versioned approval process provides synchronization between implementors for adding new glyphs, and this proposal removes that; (c) QID glyphs that are later adopted into Unicode would result in duplicate encodings, perhaps in perpetuity; (d) gathering telemetry about the popularity of specific emoji for the purposes of more formal codepoint assignments may cause privacy issues and provides incumbent implementors a competitive advantage; and (e) there are no barriers to abuse of the QID system to create non-emoji characters as a general end-run around the Unicode process.",
    "mozPositionIssue": 233,
    "org": "Unicode",
    "title": "Unicode Emoji QID",
    "url": "https://www.unicode.org/review/pri408/pri408-tr51-QID.html"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of Client Hints that aim to provide developers with the ability to perform agent-based content negotiation when necessary, while avoiding the historical baggage and passive fingerprinting surface exposed by the venerable \"User-Agent\" header.",
    "id": "ua-client-hints",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "Using Client Hints to deliver info derived from the User Agent header field for servers that specifically request this information may reduce the number of parties that can use this information for passively fingerprinting users. However, we could reduce this even further by freezing the User Agent string and requiring resources to actively request this information via the proposed NavigatorUAData interface JS APIs. This would also allow us to audit the callers. At this time, freezing the User Agent string without any client hints (which is not this proposal) seems worth prototyping. We look forward to learning from other vendors who implement the \"GREASE-like UA Strings\" proposal and its effects on site compatibility.",
    "mozPositionIssue": 202,
    "org": "Proposal",
    "title": "User Agent Client Hints",
    "url": "https://tools.ietf.org/html/draft-west-ua-client-hints"
  },
  {
    "ciuName": "webauthn",
    "description": "This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.",
    "id": "webauthn",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294514",
    "mozPosition": "important",
    "mozPositionDetail": "Public key cryptographic authentication is a major improvement in the fight against phishing, and we encourage all security-conscious web applications to implement authentication flows utilizing Web Authentication in the future.",
    "mozPositionIssue": 163,
    "org": "W3C",
    "title": "Web Authentication: An API for accessing Public Key Credentials",
    "url": "https://w3c.github.io/webauthn/"
  },
  {
    "ciuName": "background-sync",
    "description": "This specification describes a method that enables web applications to synchronize data in the background.",
    "id": "background-sync",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/SyncManager",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1547906",
    "mozPosition": "harmful",
    "mozPositionDetail": "We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site.  We might reconsider this position given evidence that these concerns can be safely addressed.",
    "mozPositionIssue": 173,
    "org": "Proposal",
    "title": "Web Background Synchronization",
    "url": "https://wicg.github.io/BackgroundSync/spec"
  },
  {
    "ciuName": "mdn-api_bluetooth",
    "description": "This document describes an API to discover and communicate with devices over the Bluetooth 4 wireless standard using the Generic Attribute Profile (GATT).",
    "id": "web-bluetooth",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=674737",
    "mozPosition": "harmful",
    "mozPositionDetail": "This API provides access to the Generic Attribute Profile (GATT) of Bluetooth, which is not the lowest level of access that the specifications allow, but its generic nature makes it impossible to clearly evaluate. Like <a href=\"#webusb\">WebUSB</a> there is significant uncertainty regarding how well prepared devices are to receive requests from arbitrary sites. The generic nature of the API means that this risk is difficult to manage. The Web Bluetooth CG has opted to only rely on user consent, which we believe is not sufficient protection. This proposal also uses a blocklist, which will require constant and active maintenance so that vulnerable devices aren't exploited. This model is unsustainable and presents a significant risk to users and their devices.",
    "mozPositionIssue": 95,
    "org": "Proposal",
    "title": "Web Bluetooth",
    "url": "https://webbluetoothcg.github.io/web-bluetooth/"
  },
  {
    "ciuName": null,
    "description": "This specification describes an API that can be used to retrieve the amount of budget an origin has available for resource consuming background operations, as well as the cost associated with doing such an operation.",
    "id": "budget-api",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "This specification is being abandoned.",
    "mozPositionIssue": 73,
    "org": "Proposal",
    "title": "Web Budget API",
    "url": "https://wicg.github.io/budget-api/"
  },
  {
    "ciuName": null,
    "description": "An API that allows web applications to encode and decode audio and video",
    "id": "web-codecs",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This proposes a coherent set of APIs to address encoding and decoding of video and audio, which is designed to be extensible, composable, and address real use cases with good performance.",
    "mozPositionIssue": 209,
    "org": "Proposal",
    "title": "Web Codecs",
    "url": "https://github.com/WICG/web-codecs"
  },
  {
    "ciuName": null,
    "description": "This document defines a web platform API that allows script to asynchronously acquire a lock over a resource, hold it while work is performed, then release it. While held, no other script in the origin can acquire a lock over the same resource. This allows contexts (windows, workers) within a web application to coordinate the usage of resources.",
    "id": "web-locks",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API",
    "mozBugUrl": "",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The specification provides important web platform primitives for same-global and cross-global coordination and avoids requiring other APIs to grow their own transaction abstractions (ex: the Service Worker spec's Cache API).",
    "mozPositionIssue": 64,
    "org": "Proposal",
    "title": "Web Locks API",
    "url": "https://wicg.github.io/web-locks/"
  },
  {
    "ciuName": "midi",
    "description": "This specification defines an API supporting the MIDI (Musical Instrument Digital Interface) protocol, enabling web applications to enumerate and select MIDI input and output devices on the client system and send and receive MIDI messages. It is intended to enable non-music MIDI applications as well as music ones, by providing low-level access to the MIDI devices available on the users' systems.",
    "id": "webmidi",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/MIDIAccess",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=836897",
    "mozPosition": "under consideration",
    "mozPositionDetail": null,
    "mozPositionIssue": 58,
    "org": "W3C",
    "title": "Web MIDI API",
    "url": "https://webaudio.github.io/web-midi-api/"
  },
  {
    "ciuName": "webnfc",
    "description": "Near Field Communication (NFC) enables wireless communication between two devices at close proximity, usually less than a few centimeters. This document defines an API to enable selected use cases based on NFC technology. The current scope of this specification is NDEF. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.",
    "id": "web-nfc",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308614",
    "mozPosition": "harmful",
    "mozPositionDetail": "We believe Web NFC poses risks to users security and privacy because of the wide range of functionality of the existing NFC devices on which it would be supported, because there is no system for ensuring that private information is not accidentally exposed other than relying on user consent, and because of the difficulty of meaningfully asking the user for permission to share or write data when the browser cannot explain to the user what is being shared or written.",
    "mozPositionIssue": 238,
    "org": "Proposal",
    "title": "Web NFC",
    "url": "https://w3c.github.io/web-nfc/"
  },
  {
    "ciuName": "web-share",
    "description": "This specification defines an API for sharing text, links and other content to an arbitrary destination of the user's choice.The available share targets are not specified here; they are provided by the user agent. They could, for example, be apps, websites or contacts.",
    "id": "web-share",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Navigator/share",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312422",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification defines an API that invokes sharing features of the operating system, for passing information to other applications.  One risk of this is that having this as in-page user interface rather than in-browser user interface may reduce the relevance to the user of the information shown in the URL/location bar.  However, given the demand for this capability it seems like it is likely worth exposing to the Web, and we support prototyping this feature.",
    "mozPositionIssue": 27,
    "org": "W3C",
    "title": "Web Share API",
    "url": "https://w3c.github.io/web-share/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API that allows websites to declare themselves as web share targets, which can receive shared content from either the Web Share API, or system events (e.g., shares from native apps). This is a similar mechanism to navigator.registerProtocolHandler, in that it works by registering the website with the user agent, to later be invoked from another site or native application via the user agent (possibly at the discretion of the user). The difference is that registerProtocolHandler registers the handler via a programmatic API, whereas a Web Share Target is declared in the Web App Manifest, to be registered at a time of the user agent or user's choosing.",
    "id": "web-share-target",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1476515",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification affords web applications the ability to handle user-initiated 'share' actions (e.g., sharing a link, image, text, or other media) in contexts that have traditionally been the exclusive domain of native and/or system applications. We believe this API is worth prototyping because it enhances the utility of web applications to end-users, and allows us to explore ways that web applications can more effectively integrate with the underlying operating system.",
    "mozPositionIssue": 27,
    "org": "Proposal",
    "title": "Web Share Target API",
    "url": "https://wicg.github.io/web-share-target/"
  },
  {
    "ciuName": null,
    "description": "This document describes a common data model and API for the Web of Things. The Web Thing Description provides a vocabulary for describing physical devices connected to the World Wide Web in a machine readable format with a default JSON encoding. The Web Thing REST API and Web Thing WebSocket API allow a web client to access the properties of devices, request the execution of actions and subscribe to events representing a change in state. Some basic Web Thing Types are provided and additional types can be defined using semantic extensions with JSON-LD. In addition to this specification there is a note on Web Thing API Protocol Bindings which proposes non-normative bindings of the Web Thing API to various existing IoT protocols. There is also a document describing Web of Things Integration Patterns which provides advice on different design patterns for integrating connected devices with the Web of Things, and where each pattern is most appropriate.",
    "id": "web-thing-api",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 44,
    "org": "W3C",
    "title": "Web Thing API",
    "url": "https://iot.mozilla.org/wot/"
  },
  {
    "ciuName": null,
    "description": "128-bit vector data type and operations for webassembly",
    "id": "wasm-simd",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625130",
    "mozPosition": "important",
    "mozPositionDetail": "Supports common SIMD data type and operations important to C/C++/Rust programs targeting the web within domains such as graphics, video/audio encoding/decoding, and machine learning.",
    "mozPositionIssue": 491,
    "org": "W3C",
    "title": "WebAssembly SIMD",
    "url": "https://github.com/webassembly/simd/"
  },
  {
    "ciuName": null,
    "description": "This API defines an API surface for manipulating the bits on MediaStreamTracks being sent via an RTCPeerConnection.",
    "id": "webrtc-insertable-streams",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This approach provides sites a way to offer a form of end-to-end protection for media, especially in those very common cases where media for group sessions is managed by a central service. The proposed API, together with the SFrame proposal, provides sites the ability to limit the information that is exposed to the central service. Mozilla would prefer to include better key management than this approach proposes, perhaps using <a href=\"https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture\">MLS</a>, which might guarantee certain security and privacy gains for users. However, we recognize that this is not yet feasible and this API can provide security and privacy gains if carefully applied by sites.",
    "mozPositionIssue": 330,
    "org": "W3C",
    "title": "WebRTC Insertable Media using Streams",
    "url": "https://w3c.github.io/webrtc-insertable-streams/"
  },
  {
    "ciuName": "",
    "description": "Use cases about providing guarantees to users about the privacy of their WebRTC videoconferencing when the servers are not trusted but the JavaScript is.",
    "id": "webrtc-nv-use-cases-trusted-js",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "We believe the \"Untrusted JS\" alternative would allow browsers to provide useful guarantees to users about the security of their videoconferencing, but the \"Trusted JS\" variant would not, and seems likely to add unnecessary complexity.",
    "mozPositionIssue": 205,
    "org": "Proposal",
    "title": "WebRTC Next Version Use Cases: Trusted JavaScript",
    "url": "https://github.com/w3c/webrtc-nv-use-cases/pull/49/files"
  },
  {
    "ciuName": "webusb",
    "description": "This document describes an API for securely providing access to Universal Serial Bus devices from web pages.",
    "id": "webusb",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/USB",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.",
    "mozPositionIssue": 100,
    "org": "Proposal",
    "title": "WebUSB API",
    "url": "https://wicg.github.io/webusb/"
  },
  {
    "ciuName": "webxr",
    "description": "This specification describes support for accessing virtual reality (VR) and augmented reality (AR) devices, including sensors and head-mounted displays, on the Web.",
    "id": "webxr",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/WebXR_Device_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419190",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "The WebXR Device API is the basis for VR, MR, and AR on the web.  This is a significant and large suite of features.  There is the potential for XR to provide significant benefits, but also a number of risks to individual privacy and security due to the way that XR relies on sensors and environmental data.  Developing new interaction models also presents challenges and considerable work is required before new norms are established.  Mozilla is actively working on WebXR and supportive of its overall goals.  Our participation in and implementation of this API is critical to understanding the feature and learning how to empower users in managing the associated risks.",
    "mozPositionIssue": 218,
    "org": "Proposal",
    "title": "WebXR Device API",
    "url": "https://immersive-web.github.io/webxr/"
  },
  {
    "ciuName": null,
    "description": "Describes a method for performing hit tests against real world geometry to be used with the WebXR Device API.",
    "id": "webxr-hit-test",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We believe that (as of February 2020) more iteration on the specification draft is needed before we can establish a position.",
    "mozPositionIssue": 259,
    "org": "Proposal",
    "title": "WebXR Hit Test Module",
    "url": "https://immersive-web.github.io/hit-test/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API for running scripts in stages of the rendering pipeline independent of the main javascript execution environment.",
    "id": "worklets",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1315239",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This specification is essential for allowing features like the CSS Paint API and CSS Layout API to be implemented in a safe way.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "Worklets",
    "url": "https://drafts.css-houdini.org/worklets"
  },
  {
    "ciuName": null,
    "description": "Zstandard, or \"zstd\" (pronounced \"zee standard\"), is a data compression mechanism. This document describes the mechanism and registers a media type and content encoding to be used when transporting zstd-compressed content via Multipurpose Internet Mail Extensions (MIME). Despite use of the word \"standard\" as part of its name, readers are advised that this document is not an Internet Standards Track specification; it is being published for informational purposes only.",
    "id": "zstd",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301878",
    "mozPosition": "defer",
    "mozPositionDetail": "While we believe zstd is a promising technology, its use in a general-purpose web browser (given the existing slate of compression algorithms) has not been demonstrated to provide compelling new utility, and does not clearly warrant the additional maintenance cost and attack surface of adding such code. We are deferring a final position pending a more comprehensive and quantitative analysis of the benefits zstd would unlock on the web today - either dictionary-less, with static dictionaries, or with dynamic dictionaries. For either of the latter two options, we'd also need a credible plan for generating and delivering those dictionaries that aligns with our values.",
    "mozPositionIssue": 105,
    "org": "IETF",
    "title": "Zstandard Compression and the application/zstd Media Type",
    "url": "https://tools.ietf.org/html/rfc8478"
  },
  {
    "ciuName": "dialog",
    "description": "The dialog element represents a part of an application that a user interacts with to perform a task, for example a dialog box, inspector, or window.",
    "id": "dialog-element",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=840640",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A high-level HTML feature for authors to achieve these use cases while getting a11y right seems useful, and we have an implementation.",
    "mozPositionIssue": 388,
    "org": "WHATWG",
    "title": "dialog element",
    "url": "https://html.spec.whatwg.org/multipage/interactive-elements.html#the-dialog-element"
  },
  {
    "ciuName": "mdn-html_global_attributes_enterkeyhint",
    "description": "The enterkeyhint attribute specifies what action label (or icon) to present for the enter key on virtual keyboards.",
    "id": "enterkeyhint-attr",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490661",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": null,
    "mozPositionIssue": 68,
    "org": "WHATWG",
    "title": "enterkeyhint attribute",
    "url": "https://html.spec.whatwg.org/multipage/interaction.html#attr-enterkeyhint"
  },
  {
    "ciuName": "mdn-api_htmlelement_inert",
    "description": "Allow arbitrary DOM subtrees to become inert",
    "id": "inert-attr",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=921504",
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A high-level tool for authors to achieve some of these use cases while getting a11y right seems useful",
    "mozPositionIssue": 174,
    "org": "WHATWG",
    "title": "inert attribute",
    "url": "https://github.com/whatwg/html/pull/4288"
  },
  {
    "ciuName": null,
    "description": "Proposal to add various output attributes on HTML's &lt;input> elements that would allow developers to declare some conversions the browser could do to, for example, images and videos.",
    "id": "input-file-output-attributes",
    "mozBugUrl": null,
    "mozPosition": "non-harmful",
    "mozPositionDetail": "While this seems like it could be a useful capability to expose, we'd rather see it exposed in a way that can be composed with other existing APIs, and we're concerned that there's a risk of runaway complexity through adding more and more features to it.",
    "mozPositionIssue": 237,
    "org": "Proposal",
    "title": "output attributes on &lt;input type=file> element",
    "url": "https://discourse.wicg.io/t/proposal-native-media-optimization-and-basic-editing-support/4068"
  },
  {
    "ciuName": "mdn-css_at-rules_page_page-orientation",
    "description": "A descriptor for CSS @page rules that changes the orientation of the page in generated PDF output (or similar) without otherwise affecting layout.",
    "id": "page-orientation-descriptor",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "This is a simple addition (to a relatively complex existing feature, <a href=\"https://drafts.csswg.org/css-page-3/#using-named-pages\">named pages</a>) that can improve the experience of producing printed PDF output from web-based word processors or similar systems that largely do their own page layout.",
    "mozPositionIssue": 346,
    "org": "W3C",
    "title": "page-orientation descriptor",
    "url": "https://drafts.csswg.org/css-page-3/#page-orientation-prop"
  },
  {
    "ciuName": null,
    "description": "An attribute that specifies the rules for generating acceptable passwords.",
    "id": "passwordrules-attribute",
    "mozBugUrl": null,
    "mozPosition": "harmful",
    "mozPositionDetail": "We believe this proposal, as drafted, encourages bad practices around passwords without encouraging good practices (such as minimum password length), and further has ambiguous and conflicting overlap with existing input validity attributes.  We believe the existing input validity attributes and API are sufficient for expressing password requirements.",
    "mozPositionIssue": 61,
    "org": "WHATWG",
    "title": "passwordrules attribute",
    "url": "https://github.com/whatwg/html/issues/3518"
  },
  {
    "ciuName": null,
    "description": "The new scroll events introduced in this document provide web developers a way to listen to the state of the scrolling and when their content is being overscrolled or when the scrolling has finished. This information will be useful for the effects such as pull to refresh or history swipe navigations in the web apps.",
    "id": "scrollend-and-overscroll-events",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "We believe these are likely to provide frequently-requested functionality that is useful for many web applications.",
    "mozPositionIssue": 240,
    "org": "Proposal",
    "title": "scrollend and overscroll events",
    "url": "https://github.com/w3c/csswg-drafts/pull/4537"
  },
  {
    "ciuName": null,
    "description": "The template element is used to declare fragments of HTML that can be cloned and inserted in the document by script.",
    "id": "template-element",
    "mozBugUrl": null,
    "mozPosition": "worth prototyping",
    "mozPositionDetail": "A reasonable addition to HTML (and XML), if not somewhat taxing on the parser.",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "template element",
    "url": "https://html.spec.whatwg.org/multipage/scripting.html#the-template-element"
  },
  {
    "ciuName": null,
    "description": "An event that fires when the user's timezone changes.",
    "id": "timezonechange-event",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "The timing of the delivery of this event to sites might expose users to cross-site tracking. How that risk is mitigated has not yet been decided, and that decision is likely to influence our position.",
    "mozPositionIssue": 241,
    "org": "WHATWG",
    "title": "timezonechange event",
    "url": "https://github.com/whatwg/html/pull/3047"
  }
]