Performance control of embedded content #911
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alisonmaher
reviewed
Dec 5, 2024
aluhrs13
reviewed
Jan 6, 2025
| | **C: Globals**<br>**Description:** Overall media and system resource usage constraints. | **- Cumulative resource consumption limits per interaction:**<br>* Caps on total media usage. No more than a total of X.<br>* Limits on iframe count. No more than a total of 10.<br>* Limits of iframe depth. No more than a depth of 10.<br>* CPU usage before first interaction: XMB. | - Report violations via Reporting API.<br>- Do not load media at all. <br>- Do not load iframes that surpass the depth. | | ||
| | **D: Script**<br>**Description:** Strict JavaScript restrictions. | **-Additional JS limits:**<br>* Long tasks in the main thread.<br>* High CPU usage.<br>* Workers with long tasks that exceed Xms.<br> | - Report violations via Reporting API.<br>- Stopping JavaScript if [in the background]. | | ||
|
|
||
| ### Discussion of different categories |
|
|
||
| #### Global budgets and side-channel attacks | ||
| The criteria proposed in this document includes budgets which are shared globally across documents. This could allow for documents to learn things about cross-origin documents, as described in the [Never Slow Mode explainer](https://github.com/slightlyoff/never_slow_mode?tab=readme-ov-file#global-limits). We consider the same alternatives as NSM as viable for this proposal: | ||
| * Require CORS |
There was a problem hiding this comment.
Agree with Alison - I don't think we should be referencing the NSM doc like this, we should take the contents we care about from it instead.
…hub.com/nishitha-burman/MSEdgeExplainers into performance-control-of-embedded-content
anolan4
reviewed
Jan 25, 2025
anolan4
reviewed
Jan 25, 2025
| | ------------- | -------- | ------------------- | | ||
| | **A: Basic**<br>**Description**: Basic web development best practices that are scenario-agnostic. | **- Text resources must be compressed** (HTML, CSS, JS, JSON).<br> - **Unzipped assets are flagged.**<br> - **Oversized assets are flagged:**<br>* Assets larger than ?KB embedded via `data:...` URLs.<br>* Image files larger than ?KB served in last generation formats.<br> * Web fonts that are larger than ?KB. | - Reporting violations via Reporting API.<br> - Assets not rendered.<br> UI indicator to block out images that are too large. | | ||
| | **B: Early-script**<br>**Description**: JavaScript constraints during load to enhance performance and minimize impact on user experience before interaction begins. | **- JS limits:**<br>* Total limits on JS served prior to user interaction: ?MB<br>* Scripts must contain `content-length` headers<br>* No non-compositor thread animations (e.g. animated SVGs, loading spinners, etc.). | - Report violations via Reporting API.<br> - Loading of scripts that violate the limit are paused/blocked.<br> - Pause/disconnect animations that are not visible, interacted with. | | ||
| | **C: Globals**<br>**Description:** Overall media and system resource usage constraints. | **- Cumulative resource consumption limits per interaction:**<br>* Caps on total media usage. No more than a total of ?.<br>* Limits on iframe count. No more than a total of ?.<br>* Limits of iframe depth. No more than a depth of ?.<br>* CPU usage before first interaction: ?MB. | - Report violations via Reporting API.<br>- Do not load media at all. <br>- Do not load iframes that surpass the depth. | |
There was a problem hiding this comment.
I noticed we talk about memory and CPU earlier but only CPU here. Is memory intentionally left out of the criteria section?
There was a problem hiding this comment.
Similar with battery actually, although I can understand why that is left out.
There was a problem hiding this comment.
Some memory impacting features were captured in the "Basic" category, however the specifics of the criteria are still in progress so happy to discuss if you think a particular criteria should be included!
aluhrs13
approved these changes
Jan 30, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First draft of explainer for performance control of embedded content.