[css-color-hdr] Add permission policy (or other mechanism) to irreversibly limit EDR in iframes #11704
Labels
css-color-hdr
CSS HDR extension
Comments
|
The CSS Working Group just discussed The full IRC log of that discussion<jcraig> scribe+ jcraig<jcraig> rrsagent, make minutes <RRSAgent> I have made the request to generate https://www.w3.org/2025/02/26-css-minutes.html jcraig <jcraig> scribe+ weinig <weinig> smfr, issues is ads in cross origin frames showing hdr <weinig> ... one way to got is not allowing HDR cross origin <weinig> ... or we could use the property <jcraig> s/simon: /smfr: /g <weinig> ... or do we want to add to the iframe attribute that grants permissions <jcraig> s/smfr, /smfr: / <weinig> ... Is the definition of the css property on an iframe even specified? <weinig> ... does it apply to all the contents? <weinig> astearns:, do we have any cases where things don't propagate down into an iframe? <weinig> smfr:, I think HDR is a little special, and we should we say something <weinig> ChrisL:, this is a about stoping ads doing bad things <weinig> smfr:, yes, but it is also about explicitly letting some cross origin iframes <pal> q+ <weinig> ... this is partially a HTML issue, since the attribute would be in HTML <weinig> astearns: the permission policy would be an attribute? <jcraig> rrsagent, make minutes <weinig> smfr: yes <RRSAgent> I have made the request to generate https://www.w3.org/2025/02/26-css-minutes.html jcraig <weinig> ChrisL: is this being discussed in HTML? <weinig> smfr: I don't think so <astearns> ack pal <weinig> pal: this is complex, but someone who made an HDR video would be upset if they got squashed when embedded <weinig> smfr: yeah, we currently always allow HDR on video <weinig> ... so we may want to allow it to always work cross origin <weinig> pal: codepen is an extreme example, because it wants the iframe to be perfect <weinig> ... would be good to hear from website authors <weinig> ... the default of showing in HDR is better than not, but can be jarring <weinig> astearns: not sure who filed the issue, but the person who filed the issue seemed to want to be able to limit things <weinig> smfr: actually, it was filed by a webkit engineer <weinig> ... but others have mentioned a concern of ads <weinig> pal: isn't the only thing you would ever want to do is make it all sdr? <weinig> smfr: not sure, might have HDR but not want flashy ads to be HDR <weinig> pal: I think the website should probably have control <weinig> smfr: I think both the website author and user <weinig> ... defaults we choose are important <weinig> astearns: and giving authors the tools <weinig> ... no way to currently allow a hosting page to say it only wants sdr <weinig> smfr: this is a sleeping problem, since we only just started shipping HDR now <weinig> weinig: I am not sure the issue of an embedded YouTube not being HDR is that big a deal <weinig> ... you can always put a tinted div over a video <weinig> ... letting the hosting site make things SDR seems fine <weinig> jcraig: we had a similar issue internally with a feature that dims things automatically when things are flashy, and there was a question of whether it was ok to change the artists intent <weinig> ... but ultimately, allowing the user to have the control was the way to go <weinig> pal: movies are mastered under the idea they will be the only thing displayed <weinig> ChrisL: yeah, but we can't do that on the web, we have to allow mixed content <weinig> pal: yeah, when a movie is watched on the web, it is already compromised <weinig> ... image gallery much more complicated <weinig> astearns: ok, good talk, lets take this back to the issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(Originally brought up in #11558)
As a naive web author, I would like to do something like:
dynamic-range-limit: constrainedHDR,high/no-limit;standard, and prevent it from ever going any higher.Could there be a permission policy that can be applied to iframes, e.g.:
allow="extended-dynamic-range",allow="constrained-extended-dynamic-range"? (Or something more flexible with options that match current/futuredynamic-range-limitvalues.)Other ideas?
The text was updated successfully, but these errors were encountered: