activities.json

[
  {
    "ciuName": null,
    "description": "Adds imagesrcset and imagesizes attributes to <link> which correspond to the srcset and sizes attributes of <img> respectively, for the purposes of preloading.",
    "id": "image-preload",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1515760",
    "mozPosition": "positive",
    "mozPositionDetail": "A relevant aspect of <link rel=preload> support.",
    "mozPositionIssue": 130,
    "org": "WHATWG",
    "title": "<link>'s imagesrcset and imagesizes attributes",
    "url": "https://html.spec.whatwg.org/multipage/semantics.html#attr-link-imagesrcset"
  },
  {
    "ciuName": null,
    "description": "This specification defines a well-known URL that sites can use to make their change password forms discoverable by tools. This simple affordance provides a way for software to help the user find the way to change their password.",
    "id": "change-password-url",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 372,
    "org": "Proposal",
    "title": "A Well-Known URL for Changing Passwords",
    "url": "https://wicg.github.io/change-password-url/"
  },
  {
    "ciuName": null,
    "description": "",
    "id": "aria-annotations",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1608975",
    "mozPosition": "positive",
    "mozPositionDetail": "This contains changes needed to support screen reader accessibility of comments, suggestions, and other annotations in published documents and online word processing applications.",
    "mozPositionIssue": 253,
    "org": "W3C",
    "title": "ARIA Annotations",
    "url": "https://github.com/aleventhal/aria-annotations"
  },
  {
    "ciuName": null,
    "description": "This document describes an API providing access to accelerated shape detectors (e.g. human faces) for still images and/or live image feeds.",
    "id": "shape-detection-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1553738",
    "mozPosition": "defer",
    "mozPositionDetail": "We're concerned about possible complexity, variations in support between operating systems, and possible fingerprinting surface, but we'd like to wait and see how this proposal evolves.",
    "mozPositionIssue": 21,
    "org": "Proposal",
    "title": "Accelerated Shape Detection in Images",
    "url": "https://wicg.github.io/shape-detection-api"
  },
  {
    "ciuName": null,
    "description": "This memo introduces an informational HTTP status code that can be used to convey hints that help a client make preparations for processing the final response.",
    "id": "http-early-hints",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1407355",
    "mozPosition": "positive",
    "mozPositionDetail": "We believe that experimentation with the 103 response code is worthwhile. We do have some concerns about the lack of clear interaction with Fetch, which we hope will be specified before the mechanism is put into widespread use.",
    "mozPositionIssue": 134,
    "org": "IETF",
    "title": "An HTTP Status Code for Indicating Hints (103)",
    "url": "https://tools.ietf.org/html/rfc8297"
  },
  {
    "ciuName": null,
    "description": "A proposal for an 'asynchronous atomic wait' for ECMAScript, primarily for use in agents that are not allowed to block.",
    "id": "atomics-wait-async",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1467846",
    "mozPosition": "positive",
    "mozPositionDetail": "Represents a meaningful way for the main thread to interact with blocking concurrent patterns in workers and other off-thread work.",
    "mozPositionIssue": 433,
    "org": "Ecma",
    "title": "Atomics.waitAsync",
    "url": "https://tc39.es/proposal-atomics-wait-async/"
  },
  {
    "ciuName": null,
    "description": "This API will help by improving the audio-mixing of websites with native apps, so they can play on top of each other, or play exclusively.",
    "id": "audio-focus",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1579791",
    "mozPosition": "positive",
    "mozPositionDetail": "This proposes a straightforward API for improving mixing of audio produced by website.",
    "mozPositionIssue": 203,
    "org": "Proposal",
    "title": "Audio Focus API",
    "url": "https://wicg.github.io/audio-focus/explainer"
  },
  {
    "ciuName": null,
    "description": "Allow authors to omit the 'sizes' attribute, use the keyword 'auto', for responsive lazy images in HTML to let the browser use the layout size from CSS or width/height attributes.",
    "id": "img-auto-sizes",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816615",
    "mozPosition": "positive",
    "mozPositionDetail": "This proposal makes it easier for web developers to use responsive images. There is some risk that the behavior of cached images can cause flicker in some cases.",
    "mozPositionIssue": 650,
    "org": "WHATWG",
    "title": "Auto-sizes for lazy-loaded images",
    "url": "https://github.com/whatwg/html/pull/8008"
  },
  {
    "ciuName": null,
    "description": "This specification provides web developers the ability to detect if automatically starting the playback of a media file is allowed in different situations.",
    "id": "autoplay-policy-detection",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Navigator/getAutoplayPolicy",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773551",
    "mozPosition": "positive",
    "mozPositionDetail": "This API provides a convenient and synchronous answer to whether a particular kind of media can autoplay, which is something web developers are currently detecting either with various hacks or through UA detection. This doesn't expose new information for fingerprinting (see w3c/autoplay#24) as media elements already expose through events which media will autoplay by trying to autoplay.",
    "mozPositionIssue": 675,
    "org": "W3C",
    "title": "Autoplay Policy Detection",
    "url": "https://w3c.github.io/autoplay/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API allowing web applications to set an application-wide badge, shown in an operating-system-specific place associated with the application (such as the shelf or home screen), for the purpose of notifying the user when the state of the application has changed (e.g., when new messages have arrived), without showing a more heavyweight notification.",
    "id": "badging",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 108,
    "org": "Proposal",
    "title": "Badging API",
    "url": "https://wicg.github.io/badging/"
  },
  {
    "ciuName": "bigint",
    "description": "This proposal adds arbitrary-precision integers to ECMAScript.",
    "id": "bigint",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366287",
    "mozPosition": "neutral",
    "mozPositionDetail": "Shipping in Firefox.",
    "mozPositionIssue": 65,
    "org": "Ecma",
    "title": "BigInt",
    "url": "https://tc39.github.io/proposal-bigint/"
  },
  {
    "ciuName": null,
    "description": "Bundled exchanges provide a way to bundle up groups of HTTP request+response pairs to transmit or store them together. They can include multiple top-level resources with one identified as the default by a manifest, provide random access to their component exchanges, and efficiently store 8-bit resources.",
    "id": "bundled-exchanges",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "The mechanism as currently sketched out seems to provide potentially useful functionality for a number of use cases. This is a complex mechanism, and substantial detail still needs to be filled in. We believe the general intent of the feature is well-enough defined to designate as \"non-harmful\" at this time (rather than \"defer\"), although we anticipate potentially revisiting this decision as the mechanism is refined.",
    "mozPositionIssue": 264,
    "org": "Proposal",
    "title": "Bundled HTTP Exchanges",
    "url": "https://tools.ietf.org/html/draft-yasskin-wpack-bundled-exchanges"
  },
  {
    "ciuName": "streams",
    "description": "Byte streams are a specialization of <a href=\"#streams\">Streams</a> that are designed to deal with raw bytes.",
    "id": "byte-streams",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Streams_API#ByteStream-related_interfaces",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Byte streams are a useful specialization of streams that is well suited to performant I/O and they are well integrated with Typed Arrays.",
    "mozPositionIssue": 457,
    "org": "WHATWG",
    "title": "Byte Streams",
    "url": "https://streams.spec.whatwg.org/"
  },
  {
    "ciuName": null,
    "description": "Extends the COLR table in OpenType fonts with a new format supporting richer graphical capabilities for emoji (and similar) glyph design.",
    "id": "font-colrv1",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740525",
    "mozPosition": "positive",
    "mozPositionDetail": "Provides comparable design capabilities to OpenType-SVG, but in a more compact and lightweight form that integrates better into font rendering pipelines. Has the potential to supersede OpenType-SVG fonts in web use.",
    "mozPositionIssue": 497,
    "org": "Proposal",
    "title": "COLR v1 Fonts",
    "url": "https://github.com/googlefonts/colr-gradients-spec/"
  },
  {
    "ciuName": "",
    "description": "CSS Cascade Layers provides a structured way to organize related style rules within a single origin. Rules within a single cascade layer cascade together, without interleaving with style rules outside the layer.",
    "id": "css-cascade-layers",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1699214",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature provides a way to abstract CSS rules in style sheets, supported in popular CSS frameworks/pre-processors, and a frequent web developer request. Though the specification is in early stages, the goal is worth pursuing.",
    "mozPositionIssue": 471,
    "org": "W3C",
    "title": "CSS Cascade Layers",
    "url": "https://drafts.csswg.org/css-cascade-5/#layering"
  },
  {
    "ciuName": "css-container-queries",
    "description": "CSS container queries allow conditional CSS based on aspects of elements within the document (such as box dimensions or computed styles).",
    "id": "css-container-queries",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Container_Queries",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1744221",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature addresses a long-standing request from web developers. It allows web content to be declaratively styled to make it context-aware and responsive, to a much greater degree than would be possible otherwise.  We think this is a challenge that's worth solving, and we think this feature is a good way to address it.",
    "mozPositionIssue": 118,
    "org": "W3C",
    "title": "CSS Container Queries",
    "url": "https://drafts.csswg.org/css-contain-3/#container-queries"
  },
  {
    "ciuName": "css-subgrid",
    "description": "This draft defines additions to CSS Grid, primarily for the subgrid feature.",
    "id": "subgrid",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349043",
    "mozPosition": "positive",
    "mozPositionDetail": "Subgrid adds a critical enhancement to CSS Grid, in particular for many CSS Grid use-cases that require alignment across nested semantic elements.",
    "mozPositionIssue": 125,
    "org": "W3C",
    "title": "CSS Grid Layout Module Level 2",
    "url": "https://drafts.csswg.org/css-grid-2/"
  },
  {
    "ciuName": null,
    "description": "An API for allowing web developers to define their own layout modes with javascript.",
    "id": "css-layout-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302337",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification allows developing prototypes of new CSS layout systems and provides an escape hatch for developers when the existing systems aren't good enough for a particular piece of a web page.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Layout API",
    "url": "https://drafts.css-houdini.org/css-layout-api-1"
  },
  {
    "ciuName": "css-paint-api",
    "description": "An API for allowing web developers to define a custom CSS &lt;image> with javascript, which will respond to style and size changes.",
    "id": "css-paint-api",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/CSS_Painting_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302328",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification allows developing prototypes of new graphical CSS features and provides an escape hatch for developers when the existing features aren't good enough for a particular piece of a web page.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Painting API",
    "url": "https://drafts.css-houdini.org/css-paint-api-1"
  },
  {
    "ciuName": null,
    "description": "This CSS module defines an API for registering new CSS properties. Properties registered using this API are provided with a parse syntax that defines a type, inheritance behaviour, and an initial value.",
    "id": "css-properties-and-values-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273706",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification makes it significantly easier to use CSS custom properties in ways that are more like regular CSS properties.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Properties and Values API",
    "url": "https://drafts.css-houdini.org/css-properties-values-api-1"
  },
  {
    "ciuName": "mdn-css_at-rules_property",
    "description": "The @property rule represents a custom property registration directly in a stylesheet without having to run any JS.",
    "id": "at-property",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Having a declarative registration mechanism for custom properties is a good addition to CSS Properties and Values API.",
    "mozPositionIssue": 331,
    "org": "W3C",
    "title": "CSS Properties and Values API: @property",
    "url": "https://drafts.css-houdini.org/css-properties-values-api-1#at-property-rule"
  },
  {
    "ciuName": null,
    "description": "This specification defines the ::part() and ::theme() pseudo-elements on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.",
    "id": "css-shadow-parts",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 59,
    "org": "W3C",
    "title": "CSS Shadow Parts",
    "url": "https://drafts.csswg.org/css-shadow-parts"
  },
  {
    "ciuName": null,
    "description": "Converting CSSOM value strings into meaningfully typed JavaScript representations and back can incur a significant performance overhead. This specification exposes CSS values as typed JavaScript objects to facilitate their performant manipulation.",
    "id": "css-typed-om",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1278697",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification provides an easier way to manipulate the CSS object model.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "CSS Typed OM",
    "url": "https://drafts.css-houdini.org/css-typed-om-1"
  },
  {
    "ciuName": "mdn-css_properties_overflow_clip",
    "description": "overflow:clip is a feature of CSS Overflow Module Level 3 that is similar to overflow:hidden except without a formatting context or programmatic scrollability.",
    "id": "css-overflow-clip",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/CSS/overflow",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1531609",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature is both a useful declarative presentational feature for web developers and standardizes a non-standard -moz prefixed value.",
    "mozPositionIssue": 418,
    "org": "W3C",
    "title": "CSS overflow clip",
    "url": "https://drafts.csswg.org/css-overflow-3/#valdef-overflow-clip"
  },
  {
    "ciuName": null,
    "description": "This specification defines a HTTP/2 frame type to allow clients to inform the server of their cache's contents. Servers can then use this to inform their choices of what to push to clients.",
    "id": "http-cache-digest",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "This is experimental technology that might improve the use of server push by giving servers information about what is cached. It is still unclear how much this might improve performance; more experimentation is likely necessary to prove this out.",
    "mozPositionIssue": 131,
    "org": "IETF",
    "title": "Cache Digests for HTTP/2",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-cache-digest"
  },
  {
    "ciuName": null,
    "description": "This document defines an imperative mechanism which allows web developers to instruct a user agent to clear a site's locally stored data related to a host.",
    "id": "clear-site-data",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268889",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature is useful for sites to be able to recover from mistakes in deployment of certain web technologies like Service Workers, and thus makes them more confident about deploying such technology.",
    "mozPositionIssue": 90,
    "org": "W3C",
    "title": "Clear Site Data",
    "url": "https://w3c.github.io/webappsec-clear-site-data/"
  },
  {
    "ciuName": null,
    "description": "This document describes APIs for accessing data on the system clipboard. It provides operations for overriding the default clipboard actions (cut, copy and paste), and for directly accessing the clipboard contents.",
    "id": "clipboard-apis",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Clipboard",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1619251",
    "mozPosition": "positive",
    "mozPositionDetail": "Async Clipboard API is an improvement over execCommand for accessing the clipboard. Security concerns are addressed by gating on user activation and a non-modal dialog.",
    "mozPositionIssue": 89,
    "org": "W3C",
    "title": "Clipboard API and events",
    "url": "https://w3c.github.io/clipboard-apis/"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of JavaScript APIs to compress and decompress streams of binary data.",
    "id": "compression-streams",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This provides a small API wrapper around compression formats implementations already have to support and hopefully leads to more things being compressed due to ease-of-use.",
    "mozPositionIssue": 207,
    "org": "Proposal",
    "title": "Compression Streams",
    "url": "https://wicg.github.io/compression/"
  },
  {
    "ciuName": null,
    "description": "This draft defines additions to CSSOM to make CSSStyleSheet objects directly constructable, along with a way to use them in DocumentOrShadowRoots.",
    "id": "construct-stylesheets",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 103,
    "org": "Proposal",
    "title": "Constructable Stylesheet Objects",
    "url": "https://wicg.github.io/construct-stylesheets/"
  },
  {
    "ciuName": null,
    "description": "This proposal adds an API for prompting and querying the user\u2019s contacts for one or more items with a handful of contact properties.",
    "id": "contact-picker",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This API innovates in some ways beyond several previous Contacts APIs, though uses different properties than HTML autofill field names.",
    "mozPositionIssue": 153,
    "org": "Proposal",
    "title": "Contact Picker API",
    "url": "https://wicg.github.io/contact-api/spec/"
  },
  {
    "ciuName": null,
    "description": "This document defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself.",
    "id": "cspee",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "This specification allows sites to specify minimum CSP policies for embedded content. The risk of problems arising from misalignment between different policies is managed well. The resulting complexity is not trivial, but it is balanced against the security improvements.",
    "mozPositionIssue": 326,
    "org": "W3C",
    "title": "Content Security Policy: Embedded Enforcement",
    "url": "https://w3c.github.io/webappsec-cspee/"
  },
  {
    "ciuName": "cookie-store-api",
    "description": "An asynchronous Javascript cookies API for documents and workers",
    "id": "cookie-store",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475599",
    "mozPosition": "defer",
    "mozPositionDetail": "This API provides better access to cookies. However, the improvements also expand access to cookie metadata and the interactions with privacy features like the Storage Access API are unclear. Work on improving cookie interoperability, which is ongoing, might be needed before an assessment can be made.",
    "mozPositionIssue": 94,
    "org": "Proposal",
    "title": "Cookie Store API",
    "url": "https://wicg.github.io/cookie-store/"
  },
  {
    "ciuName": null,
    "description": "Defines the Partitioned cookie attribute. This attribute will indicate to user agents that these cross-site cookies should only be available in the same top-level context that the cookie was created in.",
    "id": "chips",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This spec provides an opt-in mechanism to enable partitioned cookies. This allows more browsers to support partitioned cookies, and once adopted by sites can facilitate the default blocking of third-party cookies.",
    "mozPositionIssue": 678,
    "org": "W3C",
    "title": "Cookies Having Independent Partitioned State",
    "url": "https://github.com/privacycg/CHIPS"
  },
  {
    "ciuName": null,
    "description": "This document defines a mechanism for reporting browser crashes to site owners through the use of the Reporting API.",
    "id": "crash-reporting",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607364",
    "mozPosition": "positive",
    "mozPositionDetail": "This seems like it could be a useful addition to the reporting API.  We're not yet confident what level of user consent is needed, but we can experiment with that without changes to the specification.",
    "mozPositionIssue": 288,
    "org": "Proposal",
    "title": "Crash Reporting",
    "url": "https://wicg.github.io/crash-reporting/"
  },
  {
    "ciuName": "credential-management",
    "description": "This specification describes an imperative API enabling a website to request a user\u2019s credentials from a user agent, and to help the user agent correctly store user credentials for future use.",
    "id": "credman",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1156047",
    "mozPosition": "defer",
    "mozPositionDetail": "Development of the specification seems to have stalled and it's also not a priority for Mozilla.",
    "mozPositionIssue": 172,
    "org": "W3C",
    "title": "Credential Management Level 1",
    "url": "https://w3c.github.io/webappsec-credential-management/"
  },
  {
    "ciuName": null,
    "description": "Blocklist certain opaque responses based on MIME type and return an 'emptied' response instead.",
    "id": "corb",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1459357",
    "mozPosition": "neutral",
    "mozPositionDetail": "While this is an important aspect of a robust Spectre-defense, we would like to see a safelist-based approach pursued, e.g., <a href=\"https://github.com/annevk/orb\">Opaque Response Blocking</a>.",
    "mozPositionIssue": 81,
    "org": "Proposal",
    "title": "Cross-Origin Read Blocking (CORB)",
    "url": "https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md"
  },
  {
    "ciuName": null,
    "description": "Add support for Curve25519 algorithms in the Web Cryptography API, namely the signature algorithm Ed25519 and the key agreement algorithm X25519.",
    "id": "webcrypto-curve25519",
    "mozBugUrl": "",
    "mozPosition": "positive",
    "mozPositionDetail": "We are in favor of this work, but would like to see it have a path to standardization.  When doing that, it may be worth reconsidering some of the \"no seatbelts\" aspects of WebCrypto more generally, and perhaps adding other algorithms as well.",
    "mozPositionIssue": 271,
    "org": "Proposal",
    "title": "Curve25519 in the Web Cryptography API",
    "url": "https://github.com/tQsW/webcrypto-curve25519"
  },
  {
    "ciuName": "custom-elementsv1",
    "description": "A way to create new HTML elements implemented through JavaScript.",
    "id": "custom-elements",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "A welcome successor to XBL!",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "Custom elements",
    "url": "https://html.spec.whatwg.org/multipage/custom-elements.html#custom-elements"
  },
  {
    "ciuName": null,
    "description": "Declarative creation of Shadow DOM is a new capability that allows a webpage to be more fully constructed server side, without requiring JavaScript to run.",
    "id": "declarative-shadow-dom",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1712140",
    "mozPosition": "positive",
    "mozPositionDetail": "This is a reasonable proposal which takes into account the various constraints and security considerations that come with changing the HTML parser.",
    "mozPositionIssue": 335,
    "org": "WHATWG",
    "title": "Declarative Shadow DOM",
    "url": "https://github.com/whatwg/html/pull/5465"
  },
  {
    "ciuName": null,
    "description": "This will allow custom elements to have \"default\" accessibility semantics, analogous to how built-in elements have \"implicit\" or \"native\" semantics.",
    "id": "custom-elements-a11y",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This is an important addition to custom elements as otherwise they'd have to publicly expose their internals in order to get accessibility correct.",
    "mozPositionIssue": 201,
    "org": "WHATWG",
    "title": "Default Accessibility Semantics for Custom Elements",
    "url": "https://github.com/whatwg/html/pull/4658"
  },
  {
    "ciuName": "document-policy",
    "description": "Document policy allows content to define a policy that constrains embedded content.",
    "id": "document-policy",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "The mechanism described provides sites greater control over embedded content. Constraints are accepted by content or the browser does not load the content. This ensures that policies are effective without risk of content breaking in inexplicable ways due to those policies. The specification needs a lot more work, but no significant problems are apparent or anticipated.",
    "mozPositionIssue": 327,
    "org": "W3C",
    "title": "Document Policy",
    "url": "https://w3c.github.io/webappsec-feature-policy/document-policy.html"
  },
  {
    "ciuName": null,
    "description": "This document defines a simple mechanism for encrypting the Server Name Indication for TLS 1.3.",
    "id": "tls-esni",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1494901",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature enables encryption of the server name in connection attempts. It provides much-needed protection against attempts by network observers to see what people are doing. This work is complementary with efforts to encrypt DNS requests that we are also driving.",
    "mozPositionIssue": 139,
    "org": "IETF",
    "title": "Encrypted Server Name Indication for TLS 1.3",
    "url": "https://tools.ietf.org/html/draft-ietf-tls-esni"
  },
  {
    "ciuName": null,
    "description": "This specification defines APIs for observing latency of certain events triggered by user interaction.",
    "id": "event-timing-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667836",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature grants web authors insights about the latency of certain events triggered by user interaction. This API reports the timestamp of when the event was created, when the browser started to process the event, when the browser finished to process the event and the next frame rendering time (which represented when the content of the event was presented on screen). We believe this is useful for web authors to learn more about user engagement.",
    "mozPositionIssue": 283,
    "org": "Proposal",
    "title": "Event Timing API",
    "url": "https://wicg.github.io/event-timing/"
  },
  {
    "ciuName": null,
    "description": "A Web Platform API that allows users to login to websites with their federated accounts in a privacy preserving manner.",
    "id": "fedcm",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1782066",
    "mozPosition": "positive",
    "mozPositionDetail": "Federated login is a widely-used feature on the web with significant user benefits in usability and security.  Unfortunately, federated identity on the web relies on the same techniques that are used to track web users.  The Federated Credential Management API puts the browser in control of managing cross-site logins.  Browsers can use this API as a way to give web users better ability to control and monitor how their identity - and any information related to their identity - is exchanged between sites.  Including the browser in a mediating role will adversely affect some cross-site interactions, in some cases making them less efficient or even less usable.  However, Mozilla considers it imperative that this change occur so that users can be granted control - and awareness - of all instances where their information is transferred between sites.  This proposal provides browsers with the opportunity to provide these capabilities.  Note that Mozilla also wants to acknowledge an important privacy compromise in the proposal: identity providers learn when and where the identity they provide is used.  Though alternative designs might be technically possible, this approach recognizes the security benefits gained by allowing identity providers the ability to audit logins.  Furthermore, though this design enables an authorized identity to track cross-site activity, it only does so with the direct permission and knowledge of users.",
    "mozPositionIssue": 618,
    "org": "Proposal",
    "title": "Federated Credential Management API",
    "url": "https://fedidcg.github.io/FedCM/"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of Fetch metadata request headers that aim to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used.",
    "id": "fetch-metadata",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508292",
    "mozPosition": "positive",
    "mozPositionDetail": "This gives servers useful context about requests that can be used to mitigate various security issues. The existing setup for embed/object elements gave some tough design challenges for this feature that were satisfactorily resolved. (There's also a reasonable expectation to be able to simplify these elements going forward.)",
    "mozPositionIssue": 88,
    "org": "W3C",
    "title": "Fetch Metadata Request Headers",
    "url": "https://github.com/w3c/webappsec-fetch-metadata"
  },
  {
    "ciuName": null,
    "description": "This proposal gives web applications a way to register their ability to handle (read, stream, edit) files with given MIME types and/or file extensions.",
    "id": "wicg-file-handling",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "Not far enough along to properly evaluate.",
    "mozPositionIssue": 158,
    "org": "Proposal",
    "title": "File Handling",
    "url": "https://github.com/WICG/file-handling/blob/master/explainer.md"
  },
  {
    "ciuName": null,
    "description": "File System defines infrastructure for file systems as well as their API.",
    "id": "fs",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748667",
    "mozPosition": "positive",
    "mozPositionDetail": "A storage endpoint with a POSIX-like file system API is a valuable addition to the web platform.",
    "mozPositionIssue": 562,
    "org": "WHATWG",
    "title": "File System",
    "url": "https://fs.spec.whatwg.org/"
  },
  {
    "ciuName": "native-filesystem-api",
    "description": "This document defines a web platform API that lets websites gain write access to the local file system. It builds on File API, but adds lots of new functionality on top.",
    "id": "native-file-system",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "There's a subset of this API we're quite enthusiastic about (in particular providing a read/write API for files and directories as alternative storage endpoint), but it is wrapped together with aspects for which we do not think meaningful end user consent is possible to obtain (in particular cross-site access to the end user's local file system). Overall we consider this harmful therefore, but Mozilla could be supportive of parts, provided this were segmented better.",
    "mozPositionIssue": 154,
    "org": "Proposal",
    "title": "File System Access",
    "url": "https://wicg.github.io/file-system-access/"
  },
  {
    "ciuName": null,
    "description": "This document proposes a new web platform mechanism to declare a collection of related domains as being in a First-Party Set.",
    "id": "first-party-sets",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "We believe the definition of first party should be clear and understandable to users, web developers, and publishers, and thus ideally it should be based only on the top-level URL.  While we can't quite do that today because it isn't compatible with all sites, we'd like to move towards doing that, rather than standardizing a mechanism that moves away from that.  See <a href=\"https://github.com/privacycg/proposals/issues/17#issuecomment-641687052\">more details</a>.",
    "mozPositionIssue": 350,
    "org": "Proposal",
    "title": "First-Party Sets",
    "url": "https://github.com/WICG/first-party-sets"
  },
  {
    "ciuName": null,
    "description": "An API to enable objects other than built-in form control elements to participate in form submission, form validation, and so on.",
    "id": "form-participation-api",
    "mozBugUrl": [
      "https://bugzilla.mozilla.org/show_bug.cgi?id=1518442",
      "https://bugzilla.mozilla.org/show_bug.cgi?id=1552327"
    ],
    "mozPosition": "positive",
    "mozPositionDetail": "These propose what seems likely to be a useful addition to allow custom controls to participate in form validation and submission.",
    "mozPositionIssue": 150,
    "org": "WHATWG",
    "title": "Form Participation API",
    "url": "https://github.com/whatwg/html/pull/4383"
  },
  {
    "ciuName": null,
    "description": "A proposal for using URL fragments with spaces in them to select a bit of text to highlight and scroll to",
    "id": "fragmention",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "We feel that some of the use cases this proposal addresses are very important to address, but worry about the lack of a clear processing model and about possible compat constraints that may need implementation experience to fully understand.  More details are in the position issue.  See also the <a href=\"#scroll-to-text-fragment\">position on Scroll to Text Fragment</a>, which aims to address similar use cases.",
    "mozPositionIssue": 234,
    "org": "Proposal",
    "title": "Fragmention",
    "url": "https://indieweb.org/fragmention"
  },
  {
    "ciuName": null,
    "description": "This specification defines a framework for exposing sensor data to the Open Web Platform in a consistent way. It does so by defining a blueprint for writing specifications of concrete sensors along with an abstract Sensor interface that can be extended to accommodate different sensor types.",
    "id": "generic-sensor",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Sensor_APIs",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "The purpose of most sensors and their associated risks are incredibly hard to convey to users, which means we cannot get informed consent. We are interested in addressing the use cases websites need sensors for in ways that do not give websites access to the sensors directly as that is rife with security and privacy issues.",
    "mozPositionIssue": 35,
    "org": "W3C",
    "title": "Generic Sensor API",
    "url": "https://w3c.github.io/sensors/"
  },
  {
    "ciuName": null,
    "description": "This specification defines the GeolocationSensor interface for obtaining the geolocation of the hosting device.",
    "id": "geolocation-sensor",
    "mdnUrl": "",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Given that the web already has a geolocation API, any additional API for the same purpose would have to meet a high bar as both will need to be maintained forever. While the document claims to improve security and privacy, there is no evidence that is the case. And as it can be largely polyfilled on top of the existing API, it seems better to invest in web platform geolocation additions there, if any.",
    "mozPositionIssue": 36,
    "org": "W3C",
    "title": "Geolocation Sensor",
    "url": "https://w3c.github.io/geolocation-sensor/"
  },
  {
    "ciuName": "mdn-api_navigator_getinstalledrelatedapps",
    "description": "The Get Installed Related Apps API allows web apps to detect if related apps are installed on the current device.",
    "id": "get-installed-related-apps",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "This feature increases the fingerprinting surface of browsers without sufficient safeguards.",
    "mozPositionIssue": 213,
    "org": "Proposal",
    "title": "Get Installed Related Apps API",
    "url": "https://wicg.github.io/get-installed-related-apps/spec"
  },
  {
    "ciuName": "imports",
    "description": "HTML Imports are a way to include and reuse HTML documents in other HTML documents.",
    "id": "html-imports",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Mozilla anticipated that JavaScript modules would change the landscape here and would rather invest in evolving that, e.g., through HTML Modules. Having a single mechanism to deal with dependencies rather than several, potentially conflicting systems, seems preferable.",
    "mozPositionIssue": 60,
    "org": "W3C",
    "title": "HTML Imports",
    "url": "https://www.w3.org/TR/2016/WD-html-imports-20160225"
  },
  {
    "ciuName": null,
    "description": "An extension of the ES6 Script Modules system to include HTML Modules. These will allow web developers to package and access declarative content from script in a way that allows for good componentization and reusability, and integrates well into the existing ES6 Modules infrastructure.",
    "id": "html-modules",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 137,
    "org": "WHATWG",
    "title": "HTML Modules",
    "url": "https://github.com/w3c/webcomponents/blob/gh-pages/proposals/html-modules-explainer.md"
  },
  {
    "ciuName": null,
    "description": "Overhaul the <code>autofocus</code> processing model to better match browser behavior, fit better within the specification ecosystem, and avoid bad results for users.",
    "id": "autofocus-overhaul",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1574435",
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 195,
    "org": "WHATWG",
    "title": "HTML autofocus attribute overhaul",
    "url": "https://github.com/whatwg/html/pull/4763"
  },
  {
    "ciuName": "mdn-api_htmlvideoelement_requestvideoframecallback",
    "description": "&lt;video>.requestVideoFrameCallback() allows web authors to be notified when a frame has been presented for composition.",
    "id": "requestVideoFrameCallback",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This is intended to allow web authors to do efficient per-video-frame processing of video, such as video processing and painting to a canvas, video analysis, or synchronization with external audio sources.",
    "mozPositionIssue": 250,
    "org": "Proposal",
    "title": "HTMLVideoElement.requestVideoFrameCallback()",
    "url": "https://wicg.github.io/video-rvfc"
  },
  {
    "ciuName": null,
    "description": "This document defines two independent HTTP Cache-Control extensions that allow control over the use of stale responses by caches. This document is not an Internet Standards Track specification; it is published for informational purposes.",
    "id": "http-stale-controls",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "The stale-while-revalidate cache control extension appears to provide improved user experience with no obvious drawbacks. We take no position on the other mechanisms in RFC 5861 at this time.",
    "mozPositionIssue": 144,
    "org": "Proposal",
    "title": "HTTP Cache-Control Extensions for Stale Content",
    "url": "https://tools.ietf.org/html/rfc5861"
  },
  {
    "ciuName": "client-hints-dpr-width-viewport",
    "description": "An increasing diversity of Web-connected devices and software capabilities has created a need to deliver optimized content for each device. This specification defines an extensible and configurable set of HTTP request header fields, colloquially known as Client Hints, to address this. They are intended to be used as input to proactive content negotiation; just as the Accept header field allows user agents to indicate what formats they prefer, Client Hints allow user agents to indicate device and agent specific preferences.",
    "id": "http-client-hints",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#Client_hints",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=935216",
    "mozPosition": "neutral",
    "mozPositionDetail": "Architecturally, Mozilla prefers client-side solutions for retrieving alternate versions of content, such as the HTML &lt;picture> tag. Despite these architectural preferences, we find that Client-Hints do not present a concrete harm to the web or to its users. ",
    "mozPositionIssue": 79,
    "org": "IETF",
    "title": "HTTP Client Hints",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-client-hints"
  },
  {
    "ciuName": null,
    "description": "This document defines a web platform API for observing system-wide user presence signals.",
    "id": "idle-detection-api",
    "mozBugUrl": "",
    "mozPosition": "negative",
    "mozPositionDetail": "We are concerned about the user-surveillance, user-manipulation, and abuse of user resources potential of this API, despite the required 60 second mitigation. Additionally it seems to be an unnecessarily powerful approach for the motivating use-cases, which themselves are not even clear they are worth solving, as pointed out in <a href=\"https://lists.webkit.org/pipermail/webkit-dev/2020-October/031562.html\">https://lists.webkit.org/pipermail/webkit-dev/2020-October/031562.html</a>",
    "mozPositionIssue": 453,
    "org": "Proposal",
    "title": "Idle Detection API",
    "url": "https://wicg.github.io/idle-detection/"
  },
  {
    "ciuName": null,
    "description": "The imperative slotting API allows the developer to explicitly set the assigned nodes for a slot element.",
    "id": "imperative-shadow-dom",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "The proposal is a relatively small addition to the existing Shadow DOM API and can make it easier to use Shadow DOM.",
    "mozPositionIssue": 409,
    "org": "WHATWG",
    "title": "Imperative Shadow DOM Distribution API",
    "url": "https://github.com/w3c/webcomponents/blob/gh-pages/proposals/Imperative-Shadow-DOM-Distribution-API.md"
  },
  {
    "ciuName": null,
    "description": "The Import Assertions and JSON modules proposal adds an inline syntax for module import statements to pass on more information alongside the module specifier, and an initial application for such attributes in supporting JSON modules in a common way across JavaScript environments.",
    "id": "import-attributes",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1648614",
    "mozPosition": "positive",
    "mozPositionDetail": "This proposal enables the importing of JSON content into a JS module. This mechanism is a prerequisite for HTML/CSS/JSON modules.",
    "mozPositionIssue": 373,
    "org": "Ecma",
    "title": "Import Assertions",
    "url": "https://tc39.es/proposal-import-assertions/"
  },
  {
    "ciuName": "import-maps",
    "description": "Import maps allow web pages to control the behavior of JavaScript imports.",
    "id": "import-maps",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1688879",
    "mozPosition": "positive",
    "mozPositionDetail": "We support the overall intent of the proposal and consider it worth prototyping. There are a few technical details that may require some care, in particular the relationship between speculative parsing and dynamic import maps.",
    "mozPositionIssue": 146,
    "org": "Proposal",
    "title": "Import Maps",
    "url": "https://wicg.github.io/import-maps/"
  },
  {
    "ciuName": null,
    "description": "This document proposes a few changes to cookies inspired by the properties of the HTTP State Tokens mechanism.  First, cookies should be treated as \"SameSite=Lax\" by default.  Second, cookies that explicitly assert \"SameSite=None\" in order to enable cross-site delivery should also be marked as \"Secure\".  Third, same-site should take the scheme of the sites into account.  Fourth, cookies should respect schemes.  Fifth, cookies associated with non-secure schemes should be removed at the end of a user's session.  Sixth, the definition of a session should be tightened.",
    "id": "cookie-incrementalism",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Any approach that reduces the scope of cookie use is a security and privacy win. Because some such changes can break websites that rely on the broader scope, we would like to proceed with caution, but believe that the feature is worth experimenting with and collecting data about.",
    "mozPositionIssue": 260,
    "org": "Proposal",
    "title": "Incrementally Better Cookies",
    "url": "https://tools.ietf.org/html/draft-west-cookie-incrementalism"
  },
  {
    "ciuName": "jpegxl",
    "description": "The JPEG XL Image Coding System (ISO/IEC 18181) has a rich feature set and is particularly optimised for responsive web environments, so that content renders well on a wide range of devices. Moreover, it includes several features that help transition from the legacy JPEG format.",
    "id": "jpegxl",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539075",
    "mozPosition": "neutral",
    "mozPositionDetail": "JPEG-XL includes features and performance that might differentiate it from other formats, but the benefits it provides are not significant enough on their own to justify the cost of adding another raster image format to the Web.",
    "mozPositionIssue": 522,
    "org": "Other",
    "title": "JPEG-XL",
    "url": "https://www.iso.org/standard/77977.html?browse=tc"
  },
  {
    "ciuName": "mdn-api_keyboardlayoutmap",
    "description": "This specification defines an API that allows websites to convert from a given code value to a valid key value that can be shown to the user to identify the given key. The conversion from code to key is based on the user\u2019s currently selected keyboard layout. It is intended to be used by web applications that want to treat the keyboard as a set of buttons and need to describe those buttons to the user.",
    "id": "keyboard-map",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1469017",
    "mozPosition": "negative",
    "mozPositionDetail": "We're concerned that this exposes keyboard layouts, which seem likely to be a significant source of fingerprinting data, in a way that does not require any user interaction.",
    "mozPositionIssue": 300,
    "org": "Proposal",
    "title": "Keyboard Map",
    "url": "https://wicg.github.io/keyboard-map/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API that allows web page authors to monitor the largest paint an element triggered on screen.",
    "id": "largest-contentful-paint",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722322",
    "mozPosition": "positive",
    "mozPositionDetail": "We are aware the concerns about this API such as the heuristic isn't perfect, however, we believe this is the area we should explore and there are positive signs from this API such that it has the best correlation with SpeedIndex.",
    "mozPositionIssue": 191,
    "org": "Proposal",
    "title": "Largest Contentful Paint API",
    "url": "https://wicg.github.io/largest-contentful-paint/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API that provides web page authors with insights into the stability of their pages based on movements of the elements on the page.",
    "id": "layout-instability",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651528",
    "mozPosition": "positive",
    "mozPositionDetail": "We're somewhat uneasy about the potential burden that this feature imposes on sites that don't use it, due to the requirements of the \"buffered\" flag.  However, setting that reservation aside, we think this sort of feature is worth exploring.  We've filed spec issues on that reservation and on some other points that need clarity.",
    "mozPositionIssue": 374,
    "org": "Proposal",
    "title": "Layout Instability API",
    "url": "https://wicg.github.io/layout-instability/"
  },
  {
    "ciuName": "loading-lazy-attr",
    "description": "Enabling images to be fetched at a later time, when the user is likely to look at them.",
    "id": "loading-lazy-attr",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-loading",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1542784",
    "mozPosition": "positive",
    "mozPositionDetail": "As currently scoped in the HTML pull request this is a reasonable addition to how images are fetched. (Note that the scope on Can I use is slightly bigger. Frames are likely a reasonable addition, but have their own set of design challenges.)",
    "mozPositionIssue": 151,
    "org": "WHATWG",
    "title": "Lazy loading (of images)",
    "url": "https://github.com/whatwg/html/pull/3752"
  },
  {
    "ciuName": null,
    "description": "This document updates RFC 6761 with the goal of ensuring that \"localhost\" can be safely relied upon as a name for the local host's loopback interface. To that end, stub resolvers are required to resolve localhost names to loopback addresses. Recursive DNS servers are required to return \"NXDOMAIN\" when queried for localhost names, making non-conformant stub resolvers more likely to fail and produce problem reports that result in updates. Together, these requirements would allow applications and specifications to join regular users in drawing the common-sense conclusions that \"localhost\" means \"localhost\", and doesn't resolve to somewhere else on the network.",
    "id": "let-localhost-be-localhost",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1220810",
    "mozPosition": "positive",
    "mozPositionDetail": "The proposal, to the extent it applies to browsers, is to hardcode localhost to always resolve to a loopback address instead of invoking the resolver library to perform such translation. Since browsers (including Firefox) treat files hosted on localhost to be more privileged than remote content, this proposal seems to be a good belt-and-suspenders approach to prevent certain exploits.",
    "mozPositionIssue": 121,
    "org": "IETF",
    "title": "Let 'localhost' be localhost.",
    "url": "https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost"
  },
  {
    "ciuName": null,
    "description": "This describes APIs for TCP and UDP communication with arbitrary hosts",
    "id": "low-level-sockets",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "This API creates a way to circumvent protections, in particular the same-origin policy, that have been developed to protect these services. The safeguards outlined in the explainer are inadequate and incomplete. Relying on user consent is not a sufficient safeguard if this capability were to be exposed to the web.",
    "mozPositionIssue": 431,
    "org": "Proposal",
    "title": "Low-level (Raw) Sockets API",
    "url": "https://github.com/WICG/raw-sockets/blob/master/docs/explainer.md"
  },
  {
    "ciuName": null,
    "description": "This specification enables web developers to show personalized media recommendations on the browser UI.",
    "id": "media-feeds",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Media feeds uses harmful technologies to amplify a harmful feature. Many of the capabilities this enables are available to sites in other ways. For those capabilities that are not, extensions to the <a href=\"https://w3c.github.io/mediasession/\">Media Session API</a> would be preferable.",
    "mozPositionIssue": 370,
    "org": "Proposal",
    "title": "Media Feeds",
    "url": "https://wicg.github.io/media-feeds/"
  },
  {
    "ciuName": null,
    "description": "This specification enables web developers to show customized media metadata on platform UI, customize available platform media controls, and access platform media keys such as hardware keys found on keyboards, headsets, remote controls, and software keys found in notification areas and on lock screens of mobile devices.",
    "id": "media-session",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Media_Session_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1112032",
    "mozPosition": "positive",
    "mozPositionDetail": "This API allows sites to offer users common media controls, which improves usability of media playback sites.",
    "mozPositionIssue": 28,
    "org": "W3C",
    "title": "Media Session Standard",
    "url": "https://w3c.github.io/mediasession/"
  },
  {
    "ciuName": "mdn-api_mediastreamtrack_contenthint",
    "description": "This specification extends MediaStreamTrack to let web applications provide an optional media-content hint attribute. This helps sinks like RTCPeerConnection or MediaRecorder select encoder parameters and processing algorithms appropriately based on a hint about the nature of the content being consumed without having to examine the actual content.",
    "id": "mst-content-hint",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Content Hints is a welcome higher-level abstraction that does not require broad knowledge and tuning of video encoder, audio-processing, and congestion controls directly. Early concerns over lack of specificity around how hints interact with the lower-level controls they complement have been addressed.",
    "mozPositionIssue": 101,
    "org": "W3C",
    "title": "MediaStreamTrack Content Hints",
    "url": "https://w3c.github.io/mst-content-hint/"
  },
  {
    "ciuName": null,
    "description": "This specification describes how a user agent should handle fetching of content over unencrypted or unauthenticated connections in the context of an encrypted and authenticated document.",
    "id": "mixed-content",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779757",
    "mozPosition": "positive",
    "mozPositionDetail": "Managing mixed content has been an important cornerstone of the migration to more HTTPS. The level 2 spec is an important step towards more HTTPS adoption and has the potential to also improve the user experience on sites with accidentally mixed content.",
    "mozPositionIssue": 668,
    "org": "W3C",
    "title": "Mixed Content",
    "url": "https://w3c.github.io/webappsec-mixed-content/"
  },
  {
    "ciuName": null,
    "description": "The Network Error Logging spec enables website to declare a reporting policy that can be used to report encountered network errors that prevented it from successfully loading its requested resources.",
    "id": "network-error-logging",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1145235",
    "mozPosition": "negative",
    "mozPositionDetail": "The API enables the collection of user-specific information that sites might not otherwise be able to observe, which includes information that might be private under some circumstances. Furthermore, the specification does not seem to track changes to the Reporting API it builds upon and seems effectively unmaintained.",
    "mozPositionIssue": 99,
    "org": "W3C",
    "title": "Network Error Logging",
    "url": "https://w3c.github.io/network-error-logging/"
  },
  {
    "ciuName": "netinfo",
    "description": "The Network Information API enables web applications to access information about the network connection in use by the device.",
    "id": "netinfo",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1057169",
    "mozPosition": "negative",
    "mozPositionDetail": "This API provides information about a client's network connection, which allows sites to obtain additional information about clients and their environment. It is better that sites use methods that dynamically adapt to available bandwidth, as that is more accurate and likely to be applicable in the moment.",
    "mozPositionIssue": 117,
    "org": "Proposal",
    "title": "Network Information API",
    "url": "https://wicg.github.io/netinfo"
  },
  {
    "ciuName": null,
    "description": "This specification defines a delivery mechanism for a number of policies which are to be applied to an entire origin. It compliments header-based delivery mechanisms for existing policies (Content Security Policy, Referrer Policy, etc).",
    "id": "origin-policy",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1508290",
    "mozPosition": "positive",
    "mozPositionDetail": "Giving developers the ability to set policies for an entire origin is a powerful new primitive that will benefit security of applications as well as performance due to the ability to bypass CORS preflights. The renewed effort to make this happen takes a strong anti-tracking stance that is in line with our efforts around privacy in Fetch, such as isolating the HTTP cache. Given this, it seems worth figuring out if this can be made viable.",
    "mozPositionIssue": 160,
    "org": "Proposal",
    "title": "Origin Policy",
    "url": "https://wicg.github.io/origin-policy/"
  },
  {
    "ciuName": null,
    "description": "This feature allows for an agent cluster to be keyed by origin rather than site.",
    "id": "domenic-origin-isolation",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665474",
    "mozPosition": "positive",
    "mozPositionDetail": "Letting developers opt out of document.domain and reduce the potential size of their agent cluster allows user agents to balance security, performance, and resource management.",
    "mozPositionIssue": 244,
    "org": "WHATWG",
    "title": "Origin-Keyed Agent Clusters",
    "url": "https://html.spec.whatwg.org/multipage/origin.html#origin-isolation"
  },
  {
    "ciuName": null,
    "description": "This specification defines capabilities that enable Web applications to handle requests for payment.",
    "id": "payment-handler",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1465682",
    "mozPosition": "positive",
    "mozPositionDetail": "The Payment Handler API has the potential to enable an open and secure payments ecosystem for the Web. At the same time, we remain concerned about some of the user interface requirements, and by the privacy and security assumptions made in the specification. We've raised our concerns at the W3C, and are working with the Payments working group to address those concerns. We hope that by prototyping the API we will actively address the privacy, security, and UI concerns; and fix those in the specification too. Additionally, having a working prototype will allow us to closely collaborate with the developer community and financial industry. By doing so, we will gain a better understanding of how we can solve the challenges we'll face, were we to eventually ship this API.",
    "mozPositionIssue": 23,
    "org": "W3C",
    "title": "Payment Handler API",
    "url": "https://w3c.github.io/payment-handler"
  },
  {
    "ciuName": null,
    "description": "This specification defines the machine-readable manifest file, known as a payment method manifest, describing how a payment method participates in the Web Payments ecosystem, and how such files are to be used.",
    "id": "payment-method-manifest",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We'd like to defer this for the same reasons as Payment Handler, given that it is closely related.",
    "mozPositionIssue": 22,
    "org": "W3C",
    "title": "Payment Method Manifest",
    "url": "https://w3c.github.io/payment-method-manifest"
  },
  {
    "ciuName": "background-sync",
    "description": "This specification describes a method that enables web applications to synchronize data in the background.",
    "id": "periodic-background-sync",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site.  We might reconsider this position given evidence that these concerns can be safely addressed, however, addressing them for periodic background sync appears substantially harder than doing so for one-off background sync.",
    "mozPositionIssue": 214,
    "org": "Proposal",
    "title": "Periodic Background Synchronization",
    "url": "https://github.com/WICG/BackgroundSync/blob/master/explainers/periodicsync-explainer.md"
  },
  {
    "ciuName": "permissions-api",
    "description": "The Permissions Standard defines common infrastructure for other specifications that need to interact with browser permissions. It also defines an API to allow web applications to query and request changes to the status of a given permission.",
    "id": "permissions",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Mozilla believes that the ability to work with user permissions is critical for user agency. There are certain aspects of the API that are not suitable for the permissions model used in Firefox and so we would like to work on improving several aspects of the API. In particular, we think that the way that status of permissions needs to more accurately reflect the different states that exist or could exist. We also think that the interactions with Feature Policy need to be better clarified. We're committed to fixing this, because permissions has become critical in making the web a more capable platform and it is important to ensure that we preserve user control over their online experience.",
    "mozPositionIssue": 19,
    "org": "W3C",
    "title": "Permissions",
    "url": "https://w3c.github.io/permissions/"
  },
  {
    "ciuName": "permissions-policy",
    "description": "This specification defines a mechanism that allows developers to selectively enable and disable use of various browser features and APIs.",
    "id": "feature-policy",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1390801",
    "mozPosition": "positive",
    "mozPositionDetail": "Mozilla's primary interest in this specification is in the delegation of permissions to third-party contexts that are not granted there by default. To that end we have shipped the allow attribute. The recently revised Permissions-Policy header seems worth prototyping and would allow for sites to impose restrictions on themselves. We hope that the JavaScript API can be folded into the Permissions API and have not evaluated the reporting functionality as of yet.",
    "mozPositionIssue": 24,
    "org": "W3C",
    "title": "Permissions Policy",
    "url": "https://w3c.github.io/webappsec-permissions-policy/"
  },
  {
    "ciuName": "picture-in-picture",
    "description": "This specification intends to provide APIs to allow websites to create a floating video window always on top of other windows so that users may continue consuming media while they interact with other content sites, or applications on their device.",
    "id": "picture-in-picture",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We ship Picture-in-Picture (PiP) as a feature in Firefox, but without exposing a JavaScript API. We are evaluating if our PiP UI affordances are sufficient for users and web applications. In the future, we may reconsider exposing the API, which is why we have chosen to 'defer'.",
    "mozPositionIssue": 72,
    "org": "Proposal",
    "title": "Picture-in-Picture",
    "url": "https://wicg.github.io/picture-in-picture/"
  },
  {
    "ciuName": "portals",
    "description": "This specification defines a mechanism that allows for rendering of, and seamless navigation to, embedded content.",
    "id": "portals",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "While we are deferring evaluation of this proposal, because per <a href=\"https://github.com/mozilla/standards-positions/issues/157#issuecomment-636217042\">Domenic's comment</a> it is in the early stages of development and it is too early to evaluate fully, there are concerns (serious enough to mark it as harmful) that we would like to see addressed as it develops.  Most significantly, it needs to explain its interaction with the Web's storage mechanisms in a way that doesn't contribute to third-party tracking or reduce the effectiveness of proposals designed to mitigate such tracking (such as those that partition storage based on toplevel origins).  It also needs to justify the (still undetermined) amount of complexity that it adds to the web platform with sufficiently valuable use cases to justify that complexity.",
    "mozPositionIssue": 157,
    "org": "Proposal",
    "title": "Portals",
    "url": "https://wicg.github.io/portals/"
  },
  {
    "ciuName": null,
    "description": "This specification defines APIs for scheduling and controlling prioritized tasks.",
    "id": "scheduling-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1734997",
    "mozPosition": "positive",
    "mozPositionDetail": "This feature is useful for web developers to provide a more responsive experience to users.",
    "mozPositionIssue": 546,
    "org": "Proposal",
    "title": "Prioritized Task Scheduling",
    "url": "https://wicg.github.io/scheduling-apis/"
  },
  {
    "ciuName": null,
    "description": "Specification of the Priority Hints feature.",
    "id": "priority-hints",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Priority hints allow sites to provide information about how subresources on a page might be prioritized for fetching. This can allow the browser to override parts of the internal prioritization heuristics that are used for resource fetching, which could improve page load performance.",
    "mozPositionIssue": 606,
    "org": "Proposal",
    "title": "Priority Hints",
    "url": "https://wicg.github.io/priority-hints/"
  },
  {
    "ciuName": null,
    "description": "This specification defines a privacy preserving way to attribute a conversion, such as a purchase or a sign-up, to a previous ad click.",
    "id": "private-click-measurement",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We're interested in this specification in order to support a way for a click source to measure conversions as a result of the user clicking on an ad without sharing user-identifying information with the click source in the third-party context.  However, we are waiting to take a position until the fraud preventions that it depends on are specified and we can understand their properties.",
    "mozPositionIssue": 161,
    "org": "Proposal",
    "title": "Private Click Measurement",
    "url": "https://privacycg.github.io/private-click-measurement/"
  },
  {
    "ciuName": null,
    "description": "This document specifies modifications to Fetch which are intended to mitigate the risks associated with unintentional exposure of devices and servers on a client\u2019s internal network to the web at large.",
    "id": "cors-and-rfc1918",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1481298",
    "mozPosition": "positive",
    "mozPositionDetail": "While imperfect and arguably at odds with Internet architecture, localhost and local networks of end users are vulnerable to attacks that this protocol will help mitigate.",
    "mozPositionIssue": 143,
    "org": "Proposal",
    "title": "Private Network Access",
    "url": "https://wicg.github.io/private-network-access/"
  },
  {
    "ciuName": null,
    "description": "Powerful web applications would like to exchange data with native applications via the OS clipboard (copy-paste). The existing Web Platform has a high-level API that supports the most popular standardized data types (text, image, rich text) across all platforms. However, this API does not scale to the long tail of specialized formats. In particular, non-web-standard formats like TIFF (a large image format), and proprietary formats like .docx (a document format), are not supported by the current Web Platform. Raw Clipboard Access aims to provide a low-level API solution to this problem, by implementing copying and pasting of data with any arbitrary Clipboard type, without encoding and decoding.",
    "id": "raw-clipboard-access",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "The current proposal has significant risks of attacks on native applications.  Some of these attacks may be mitigated by pickling or other similar solutions.  If such a solution is incorporated, we would be willing to reevaluate this proposal.",
    "mozPositionIssue": 206,
    "org": "Proposal",
    "title": "Raw Clipboard Access",
    "url": "https://github.com/WICG/raw-clipboard-access/"
  },
  {
    "ciuName": null,
    "description": "A TC39 proposal to add an .at() method to all the basic indexable classes (Array, String, TypedArray) which allows relative indexing of collection.",
    "id": "relative-indexing-method",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658308",
    "mozPosition": "positive",
    "mozPositionDetail": "Relative indexing is useful for typed arrays and arrays and will be a quality of life improvement for developers.",
    "mozPositionIssue": 458,
    "org": "Ecma",
    "title": "Relative indexing method",
    "url": "https://github.com/tc39/proposal-relative-indexing-method"
  },
  {
    "ciuName": null,
    "description": "This document defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features can use these endpoints to deliver feature-specific reports in a consistent manner.",
    "id": "reporting",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1620573",
    "mozPosition": "positive",
    "mozPositionDetail": "This is a reasonable generalization of the CSP reporting mechanism that allows more features to adopt it.",
    "mozPositionIssue": 104,
    "org": "W3C",
    "title": "Reporting API",
    "url": "https://w3c.github.io/reporting/"
  },
  {
    "ciuName": null,
    "description": "A way to force an embedded document and descendants (regardless of origin) into each having their own agent/event loop.",
    "id": "documentaccess",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Changing control flow of cross-origin documents without their consent is not something we should expand upon (i.e., beyond what sandboxing allows) as it could enable attack vectors. Furthermore, forcing same-origin documents in the same browsing context group to be in different agents is a major architectural change and this does not offer enough advantages to make such a change.",
    "mozPositionIssue": 197,
    "org": "Proposal",
    "title": "Restricting Document Access of Same Origin Documents",
    "url": "https://github.com/dtapuska/documentaccess"
  },
  {
    "ciuName": "mdn-api_sanitizer",
    "description": "The Sanitizer API allows turning supplied HTML into a safe HTML DOM tree",
    "id": "sanitizer-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1650370",
    "mozPosition": "positive",
    "mozPositionDetail": "This could be useful, since libraries exists and the browser could do it better.",
    "mozPositionIssue": 106,
    "org": "Proposal",
    "title": "Sanitizer API",
    "url": "https://wicg.github.io/sanitizer-api/"
  },
  {
    "ciuName": null,
    "description": "Reducing the scope of cookies by including the URL scheme in their keying material as well as reducing the lifetime of non-secure cookies.",
    "id": "scheming-cookies",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Reducing the scope of cookies along this axis is a major win.",
    "mozPositionIssue": 298,
    "org": "Proposal",
    "title": "Scheme-Bound Cookies",
    "url": "https://github.com/mikewest/scheming-cookies"
  },
  {
    "ciuName": "wake-lock",
    "description": "This document specifies an API that allows web applications to request a screen wake lock. Under the right conditions, and if allowed, the screen wake lock prevents the system from turning off a device's screen.",
    "id": "screen-wake-lock",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1589554",
    "mozPosition": "positive",
    "mozPositionDetail": "As the scope of the specification has been reduced to screen wake locks, it's worth prototyping this API in a manner that restricts it to foreground first-party content. Additionally, the API appears flexible enough that a permission grant can be performed asynchronously, allowing us to evaluate the most appropriate permission model should we choose to ship this API in the future. As the API allows the capability to be revoked at any time, we can also prototype eagerly granting, notifying the user what's going on, and allowing users to disable the capability entirely - either per origin, or globally through a browser setting. There is a risk that sites could abuse the API for the sake of engagement, which could unnecessarily drain a device's battery. It could also be a nuisance or be used for social engineering attacks: such as disabling the system's ability to password-lock a device when the screen doesn't switch off if the user leaves their device unattended. Prototyping this capability would allow us to further evaluate how to best mitigate the aforementioned concerns.",
    "mozPositionIssue": 210,
    "org": "W3C",
    "title": "Screen Wake Lock API",
    "url": "https://w3c.github.io/wake-lock/"
  },
  {
    "ciuName": null,
    "description": "A use of TLS Exported Authenticators is described which enables HTTP/2 clients and servers to offer additional certificate-based credentials after the connection is established. The means by which these credentials are used with requests is defined.",
    "id": "http2-secondary-certs",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This specification enables client authentication in HTTP/2, which is of some benefit. However, it is the server authentication that is most interesting from a privacy perspective. There are some challenges that would need to be worked through before this could be deployed in anything other than an experiment.",
    "mozPositionIssue": 175,
    "org": "IETF",
    "title": "Secondary Certificate Authentication in HTTP/2",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs"
  },
  {
    "ciuName": "mdn-api_serial",
    "description": "The Serial API provides a way for websites to read and write from a serial device through script. Such an API would bridge the web and the physical world, by allowing documents to communicate with devices such as microcontrollers, 3D printers, and other serial devices. There is also a companion explainer document.",
    "id": "webserial",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=webserial",
    "mozPosition": "negative",
    "mozPositionDetail": "Devices that offer serial interfaces often expose powerful, low-level functions over the interface with little or no authentication. Exposing that sort of capability to the web without adequate safeguards presents a significant threat to those devices.",
    "mozPositionIssue": 336,
    "org": "Proposal",
    "title": "Serial API",
    "url": "https://wicg.github.io/serial"
  },
  {
    "ciuName": null,
    "description": "This document specifies the \"SVCB\" and \"HTTPSSVC\" DNS resource record types to facilitate the lookup of information needed to make connections for origin resources, such as for HTTPS URLs. SVCB records allow an origin to be served from multiple network locations, each with associated parameters (such as transport protocol configuration and keying material for encrypting TLS SNI). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPSSVC DNS RR is a variation of SVCB for HTTPS and HTTP origins. By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy.",
    "id": "dnsop-svcb-httpssvc",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "While there are some details of the proposal that may require refining, we beleive that this is a promising approach to support Encrypted SNI, and may help improve user experience with HTTP/3.",
    "mozPositionIssue": 208,
    "org": "IETF",
    "title": "Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC)",
    "url": "https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc"
  },
  {
    "ciuName": "shadowdomv1",
    "description": "A way to give a node in the DOM a hidden subtree in which the children of the node can be inserted.",
    "id": "shadow-trees",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "A welcome successor to XBL!",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "Shadow trees (formerly known as Shadow DOM)",
    "url": "https://dom.spec.whatwg.org/#shadow-trees"
  },
  {
    "ciuName": null,
    "description": "Shared storage is storage for an origin that is intentionally not partitioned by top-frame site. Storage may only be read in a restricted environment that has carefully constructed output gates.",
    "id": "shared-storage",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Mozilla has significant concerns about the viability of the isolation components of this design. The use cases presented do not, at this time, justify the complexity and privacy risks associated with this proposal.",
    "mozPositionIssue": 646,
    "org": "Proposal",
    "title": "Shared Storage",
    "url": "https://github.com/WICG/shared-storage"
  },
  {
    "ciuName": "sxg",
    "description": "This document specifies how a server can send an HTTP request/ response pair, known as an exchange, with signatures that vouch for that exchange's authenticity. These signatures can be verified against an origin's certificate to establish that the exchange is authoritative for an origin even if it was transferred over a connection that isn't. The signatures can also be used in other ways described in the appendices. These signatures contain countermeasures against downgrade and protocol-confusion attacks.",
    "id": "http-origin-signed-responses",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Mozilla has concerns about the shift in the web security model required for handling web-packaged information. Specifically, the ability for an origin to act on behalf of another without a client ever contacting the authoritative server is worrisome, as is the removal of a guarantee of confidentiality from the web security model (the host serving the web package has access to plain text). We recognise that the use cases satisfied by web packaging are useful, and would be likely to support an approach that enabled such use cases so long as the foregoing concerns could be addressed.",
    "mozPositionIssue": 29,
    "org": "Proposal",
    "title": "Signed HTTP Exchanges",
    "url": "https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses"
  },
  {
    "ciuName": "",
    "description": "The Storage Access API provides a means for authenticated cross-site embeds to check their blocking status and request access to storage if they are blocked.",
    "id": "storage-access-api",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1469714",
    "mozPosition": "positive",
    "mozPositionDetail": "In our current efforts to limit the impact of cross-site tracking there are cases where we may unintentionally break parts of web pages that users depend on. The storage access API provides a programmatic way for affected embedded content to fix these types of broken experiences for the user.  Also, in our upcoming efforts to limit the potential capabilities for unknown third-parties to track the user, we would like to continue to restrict the storage capabilities of the third-party context. The storage access API similarly provides a programmatic path for the embedded widgets which cannot work correctly without access to their data.  It isn't an ideal solution, for example our implementation falls back to prompting the user if it cannot automatically determine whether access should be granted or not, but it is a step in the right direction in the game of reversing the current defaults of the web, that is granting permissive storage access rights to all third-party contexts unconditionally.",
    "mozPositionIssue": 280,
    "org": "Proposal",
    "title": "Storage Access API",
    "url": "https://github.com/privacycg/storage-access"
  },
  {
    "ciuName": "streams",
    "description": "This specification provides APIs for creating, composing, and consuming streams of data that map efficiently to low-level I/O primitives.",
    "id": "streams",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Streams_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128959",
    "mozPosition": "positive",
    "mozPositionDetail": "Streams are an important building block for many APIs, in particular around networking and media.",
    "mozPositionIssue": 70,
    "org": "WHATWG",
    "title": "Streams",
    "url": "https://streams.spec.whatwg.org"
  },
  {
    "ciuName": null,
    "description": "This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header fields. It is intended for use by specifications of new HTTP header fields that wish to use a common syntax that is more restrictive than traditional HTTP field values.",
    "id": "structured-headers",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631722",
    "mozPosition": "positive",
    "mozPositionDetail": "Use of structured headers promises to improve consistency and interoperability of new HTTP header fields. Depending on further security analysis, we may upgrade this feature to 'important' in the future.",
    "mozPositionIssue": 256,
    "org": "IETF",
    "title": "Structured Headers for HTTP",
    "url": "https://tools.ietf.org/html/draft-ietf-httpbis-header-structure"
  },
  {
    "ciuName": null,
    "description": "Serializing and deserializing JavaScript Error objects.",
    "id": "errors-structured-cloning",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1556604",
    "mozPosition": "positive",
    "mozPositionDetail": "Good extension to the object serialization algorithm (StructuredSerializeInternal) as currently there is no way to serialize errors.",
    "mozPositionIssue": 165,
    "org": "WHATWG",
    "title": "Structured cloning of errors",
    "url": "https://github.com/whatwg/html/issues/4268"
  },
  {
    "ciuName": null,
    "description": "Stage 3 proposals add new features to the JavaScript language. Stage 3 indicates that a proposal has been accepted by implementations and other delegates as ready to implement, as per the TC39 staging process.",
    "id": "tc39-stage-3",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1435811",
    "mozPosition": "positive",
    "mozPositionDetail": "Due to the structure of TC39, stage 3 signifies that a proposal is ready to implement. Stage 3 proposals have been reviewed by the SpiderMonkey team and more broadly within Gecko. Stage 2 proposals which require security/privacy review or host integration require their own Mozilla Standards Position.",
    "mozPositionIssue": 527,
    "org": "Ecma",
    "title": "TC39 Stage 3 Proposals",
    "url": "https://github.com/tc39/proposals#stage-3"
  },
  {
    "ciuName": "url-scroll-to-text-fragment",
    "description": "A proposal for extending URL fragment syntax with a list of text bits to highlight and scroll to.",
    "id": "scroll-to-text-fragment",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753933",
    "mozPosition": "positive",
    "mozPositionDetail": "This is an important use case to address and the proposal does a good job at mitigating the compatibility and security issues. As a result the syntax is a tad inelegant, but workable. (See also the <a href=\"#fragmention\">position on Fragmention</a>, which aims to address similar use cases.)",
    "mozPositionIssue": 194,
    "org": "Proposal",
    "title": "Text Fragments",
    "url": "https://wicg.github.io/scroll-to-text-fragment/"
  },
  {
    "ciuName": null,
    "description": "Adds the global popover attribute to declaratively make an element be rendered on top of all other content and allow closing by the user (light dismiss).",
    "id": "popover",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808823",
    "mozPosition": "positive",
    "mozPositionDetail": "A common paradigm on the web which would be good for accessibility and developer ergonomics to support as a feature in HTML.",
    "mozPositionIssue": 698,
    "org": "WHATWG",
    "title": "The Popover API",
    "url": "https://github.com/whatwg/html/pull/8221"
  },
  {
    "ciuName": null,
    "description": "This document specifies the Privacy Pass protocol for anonymously authorizing clients with services on the Internet.  Note to Readers Source for this draft and an issue tracker can be found at https://github.com/grittygrease/draft-privacy-pass [1].",
    "id": "privacy-pass",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This protocol provides a way to achieve certain important goals, such as denial of service mitigation, without also creating tracking mechanisms.  As such, we are very supportive of the goal.  However, we will defer making a firm position until the protocol and the novel cryptographic primitives it relies on have had more thorough security analysis.",
    "mozPositionIssue": 261,
    "org": "Proposal",
    "title": "The Privacy Pass Protocol",
    "url": "https://tools.ietf.org/html/draft-privacy-pass"
  },
  {
    "ciuName": null,
    "description": "The goal of the Topics API is to provide callers with coarse-grained advertising topics that the page visitor might currently be interested in.",
    "id": "topics",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Mozilla is unable to see a way to make the Topics API work from a privacy standpoint. Though the information the API provides is small, our belief is that this is more likely to reduce the usefulness of the information for advertisers than it provides meaningful protection for privacy.  Unfortunately, it is hard to identify concrete ways in which this might be improved.",
    "mozPositionIssue": 622,
    "org": "Proposal",
    "title": "The Topics API",
    "url": "https://github.com/patcg-individual-drafts/topics"
  },
  {
    "ciuName": "webtransport",
    "description": "The WebTransport Protocol Framework enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. It consists of a set of individual protocols that are safe to expose to untrusted applications, combined with a model that allows them to be used interchangeably. This document defines the overall requirements on the protocols used in WebTransport, as well as the common features of the protocols, support for some of which may be optional.",
    "id": "webtransport",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1709355",
    "mozPosition": "positive",
    "mozPositionDetail": "We are generally in support of a mechanism that addresses the use cases implied by this solution document. While major questions remain open at this time -- notably, multiplexing, the API surface, and available statistics -- we think that prototyping the proposed solution as details become more firm would be worthwhile. We would like see the new WebSocketStream and WebTransport stream APIs to be developed in concert with each other, so as to share as much design as possible.",
    "mozPositionIssue": 167,
    "org": "Proposal",
    "title": "The WebTransport Protocol Framework",
    "url": "https://tools.ietf.org/html/draft-ietf-webtrans-overview"
  },
  {
    "ciuName": "mdn-javascript_operators_await_top_level",
    "description": "Top-level await enables modules to act as big async functions: With top-level await, ECMAScript Modules (ESM) can await resources, causing other modules who import them to wait before they start evaluating their body.",
    "id": "top-level-await",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1519100",
    "mozPosition": "positive",
    "mozPositionDetail": "An ergonomic way of handling modules that contain top level asynchronous work.",
    "mozPositionIssue": 444,
    "org": "Ecma",
    "title": "Top-Level Await",
    "url": "https://github.com/tc39/proposal-top-level-await"
  },
  {
    "ciuName": null,
    "description": "In Transport Layer Security (TLS) handshakes, certificate chains often take up the majority of the bytes transmitted. This document describes how certificate chains can be compressed to reduce the amount of data transmitted and avoid some round trips.",
    "id": "tls-certificate-compression",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "Compression of certificates should provide some performance advantages.",
    "mozPositionIssue": 96,
    "org": "IETF",
    "title": "Transport Layer Security (TLS) Certificate Compression",
    "url": "https://tools.ietf.org/html/draft-ietf-tls-certificate-compression"
  },
  {
    "ciuName": null,
    "description": "This document is an explainer for a potential future web platform API that allows propagating trust across sites, using the Privacy Pass protocol as an underlying primitive.",
    "id": "trust-token",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "This API depends on the Privacy Pass protocol, for which we have deferred our position statement.",
    "mozPositionIssue": 262,
    "org": "Proposal",
    "title": "Trust Token API",
    "url": "https://github.com/WICG/trust-token-api/blob/master/README.md"
  },
  {
    "ciuName": "trusted-types",
    "description": "An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.",
    "id": "trusted-types",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "The API could be used to harden sites against certain cross-site scripting issues, but it is sufficiently complex that we are concerned that it will not be suitable for many sites.",
    "mozPositionIssue": 20,
    "org": "W3C",
    "title": "Trusted Types",
    "url": "https://w3c.github.io/trusted-types/dist/spec/"
  },
  {
    "ciuName": null,
    "description": "The QID Emoji Tag Sequences (or QID emoji, for short) have been proposed to provide a well-defined mechanism for implementations to support additional valid emoji that are not representable by Unicode characters or emoji zwj sequences. This mechanism allows for the interchange of emoji whose meaning is discoverable, and which should be correctly parsed by all conformant implementations (although only displayed by implementations that support it). The meaning of each of these valid emoji is established by reference to a Wikidata QID.",
    "id": "unicode-emoji-qid",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Mozilla has a number of concerns about this proposal, including: (a) the lack of reference glyphs is likely to increase miscommunication between users; (b) having a formal, versioned approval process provides synchronization between implementors for adding new glyphs, and this proposal removes that; (c) QID glyphs that are later adopted into Unicode would result in duplicate encodings, perhaps in perpetuity; (d) gathering telemetry about the popularity of specific emoji for the purposes of more formal codepoint assignments may cause privacy issues and provides incumbent implementors a competitive advantage; and (e) there are no barriers to abuse of the QID system to create non-emoji characters as a general end-run around the Unicode process.",
    "mozPositionIssue": 233,
    "org": "Unicode",
    "title": "Unicode Emoji QID",
    "url": "https://www.unicode.org/review/pri408/pri408-tr51-QID.html"
  },
  {
    "ciuName": null,
    "description": "This document defines a set of Client Hints that aim to provide developers with the ability to perform agent-based content negotiation when necessary, while avoiding the historical baggage and passive fingerprinting surface exposed by the venerable \"User-Agent\" header.",
    "id": "ua-client-hints",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "UA Client Hints proposes that information derived from the User-Agent header field be sent as new structured fields to HTTPS servers that opt into receiving that information. The goal is to reduce the number of parties that can passively fingerprint users using UA fields. However, three of the new headers are sent unconditionally in every HTTPS request without explicit opt-in. We would prefer to progressively freeze the value of User-Agent HTTP header without replacement. We acknowledge the performance trade-offs this might introduce, but note that the performance characteristics of the proposed design are unclear and optimized almost exclusively for the very first connection to a site. The overheads involved add further uncertainty about performance as three new header fields are sent in every HTTPS request, plus fields for any information a site requests using the Accept-CH mechanism. Adding fields makes it more likely that server-side limits on fields are exceeded, which - even if it is not be a problem now - future specifications might be affected. Any benefit to edge caches from the use of the Vary mechanism on the new headers is not realized unless all clients send these new headers. For caching, we would prefer to explore other options that do not rely on all clients sending the new fields. The proposed NavigatorUAData interface JS API is preferable to use of header fields as it would better allow for auditing of the use of the information.",
    "mozPositionIssue": 202,
    "org": "Proposal",
    "title": "User Agent Client Hints",
    "url": "https://wicg.github.io/ua-client-hints/"
  },
  {
    "ciuName": "webauthn",
    "description": "This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given WebAuthn Relying Party, are created by and bound to authenticators as requested by the web application. The user agent mediates access to authenticators and their public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to Relying Parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.",
    "id": "webauthn",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294514",
    "mozPosition": "positive",
    "mozPositionDetail": "Public key cryptographic authentication is a major improvement in the fight against phishing, and we encourage all security-conscious web applications to implement authentication flows utilizing Web Authentication in the future.",
    "mozPositionIssue": 163,
    "org": "W3C",
    "title": "Web Authentication: An API for accessing Public Key Credentials",
    "url": "https://w3c.github.io/webauthn/"
  },
  {
    "ciuName": "background-sync",
    "description": "This specification describes a method that enables web applications to synchronize data in the background.",
    "id": "background-sync",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/SyncManager",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1547906",
    "mozPosition": "negative",
    "mozPositionDetail": "We're concerned that this feature would allow users to be tracked across networks (leaking private information about location and IP address and how they change over time), and that it would allow script execution and resource consumption when it isn't clear to the user that they're interacting with the site.  We might reconsider this position given evidence that these concerns can be safely addressed.",
    "mozPositionIssue": 173,
    "org": "Proposal",
    "title": "Web Background Synchronization",
    "url": "https://wicg.github.io/BackgroundSync/spec"
  },
  {
    "ciuName": "mdn-api_bluetooth",
    "description": "This document describes an API to discover and communicate with devices over the Bluetooth 4 wireless standard using the Generic Attribute Profile (GATT).",
    "id": "web-bluetooth",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=674737",
    "mozPosition": "negative",
    "mozPositionDetail": "This API provides access to the Generic Attribute Profile (GATT) of Bluetooth, which is not the lowest level of access that the specifications allow, but its generic nature makes it impossible to clearly evaluate. Like <a href=\"#webusb\">WebUSB</a> there is significant uncertainty regarding how well prepared devices are to receive requests from arbitrary sites. The generic nature of the API means that this risk is difficult to manage. The Web Bluetooth CG has opted to only rely on user consent, which we believe is not sufficient protection. This proposal also uses a blocklist, which will require constant and active maintenance so that vulnerable devices aren't exploited. This model is unsustainable and presents a significant risk to users and their devices.",
    "mozPositionIssue": 95,
    "org": "Proposal",
    "title": "Web Bluetooth",
    "url": "https://webbluetoothcg.github.io/web-bluetooth/"
  },
  {
    "ciuName": null,
    "description": "This specification describes an API that can be used to retrieve the amount of budget an origin has available for resource consuming background operations, as well as the cost associated with doing such an operation.",
    "id": "budget-api",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "This specification is being abandoned.",
    "mozPositionIssue": 73,
    "org": "Proposal",
    "title": "Web Budget API",
    "url": "https://wicg.github.io/budget-api/"
  },
  {
    "ciuName": null,
    "description": "An API that allows web applications to encode and decode audio and video",
    "id": "web-codecs",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This proposes a coherent set of APIs to address encoding and decoding of video and audio, which is designed to be extensible, composable, and address real use cases with good performance.",
    "mozPositionIssue": 209,
    "org": "Proposal",
    "title": "Web Codecs",
    "url": "https://github.com/WICG/web-codecs"
  },
  {
    "ciuName": "webgpu",
    "description": "This specification describes support for accessing modern 3D graphics and GPU computation capabilities on the Web.",
    "id": "webgpu",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1602129",
    "mozPosition": "positive",
    "mozPositionDetail": "We believe that WebGPU is key to enable more interactive and content-rich applications on the Web than currently possible with WebGL. WebGPU can scale better to the capabilities of GPUs with less overhead for users because it's modelled after the intersection of the modern native GPU APIs, so allows developers to express the GPU workloads more explicitly.",
    "mozPositionIssue": 239,
    "org": "Proposal",
    "title": "Web GPU API",
    "url": "https://gpuweb.github.io/gpuweb/"
  },
  {
    "ciuName": null,
    "description": "This document defines a web platform API that allows script to asynchronously acquire a lock over a resource, hold it while work is performed, then release it. While held, no other script in the origin can acquire a lock over the same resource. This allows contexts (windows, workers) within a web application to coordinate the usage of resources.",
    "id": "web-locks",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API",
    "mozBugUrl": "",
    "mozPosition": "positive",
    "mozPositionDetail": "The specification provides important web platform primitives for same-global and cross-global coordination and avoids requiring other APIs to grow their own transaction abstractions (ex: the Service Worker spec's Cache API).",
    "mozPositionIssue": 64,
    "org": "W3C",
    "title": "Web Locks API",
    "url": "https://w3c.github.io/web-locks/"
  },
  {
    "ciuName": "midi",
    "description": "This specification defines an API supporting the MIDI (Musical Instrument Digital Interface) protocol, enabling web applications to enumerate and select MIDI input and output devices on the client system and send and receive MIDI messages. It is intended to enable non-music MIDI applications as well as music ones, by providing low-level access to the MIDI devices available on the users' systems.",
    "id": "webmidi",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/MIDIAccess",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=836897",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification is a reasonable technical design for exposing MIDI devices to JavaScript, which has some demonstrated use-cases in the market. MIDI devices are not universally hardened against adversarial input (especially when sysex is involved) so we don't believe this API is safe to expose in the casual and low-trust context of ordinary websites. We therefore only expose it in Firefox if the user has deliberately installed a site-specific add-on to enable the capability.",
    "mozPositionIssue": 58,
    "org": "W3C",
    "title": "Web MIDI API (Add-On Gated)",
    "url": "https://webaudio.github.io/web-midi-api/"
  },
  {
    "ciuName": "webnfc",
    "description": "Near Field Communication (NFC) enables wireless communication between two devices at close proximity, usually less than a few centimeters. This document defines an API to enable selected use cases based on NFC technology. The current scope of this specification is NDEF. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.",
    "id": "web-nfc",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308614",
    "mozPosition": "negative",
    "mozPositionDetail": "We believe Web NFC poses risks to users security and privacy because of the wide range of functionality of the existing NFC devices on which it would be supported, because there is no system for ensuring that private information is not accidentally exposed other than relying on user consent, and because of the difficulty of meaningfully asking the user for permission to share or write data when the browser cannot explain to the user what is being shared or written.",
    "mozPositionIssue": 238,
    "org": "Proposal",
    "title": "Web NFC",
    "url": "https://w3c.github.io/web-nfc/"
  },
  {
    "ciuName": "web-share",
    "description": "This specification defines an API for sharing text, links and other content to an arbitrary destination of the user's choice.The available share targets are not specified here; they are provided by the user agent. They could, for example, be apps, websites or contacts.",
    "id": "web-share",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/Navigator/share",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312422",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification defines an API that invokes sharing features of the operating system, for passing information to other applications.  One risk of this is that having this as in-page user interface rather than in-browser user interface may reduce the relevance to the user of the information shown in the URL/location bar.  However, given the demand for this capability it seems like it is likely worth exposing to the Web, and we support prototyping this feature.",
    "mozPositionIssue": 27,
    "org": "W3C",
    "title": "Web Share API",
    "url": "https://w3c.github.io/web-share/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API that allows websites to declare themselves as web share targets, which can receive shared content from either the Web Share API, or system events (e.g., shares from native apps). This is a similar mechanism to navigator.registerProtocolHandler, in that it works by registering the website with the user agent, to later be invoked from another site or native application via the user agent (possibly at the discretion of the user). The difference is that registerProtocolHandler registers the handler via a programmatic API, whereas a Web Share Target is declared in the Web App Manifest, to be registered at a time of the user agent or user's choosing.",
    "id": "web-share-target",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1476515",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification affords web applications the ability to handle user-initiated 'share' actions (e.g., sharing a link, image, text, or other media) in contexts that have traditionally been the exclusive domain of native and/or system applications. We believe this API is worth prototyping because it enhances the utility of web applications to end-users, and allows us to explore ways that web applications can more effectively integrate with the underlying operating system.",
    "mozPositionIssue": 27,
    "org": "Proposal",
    "title": "Web Share Target API",
    "url": "https://wicg.github.io/web-share-target/"
  },
  {
    "ciuName": null,
    "description": "This document describes a common data model and API for the Web of Things. The Web Thing Description provides a vocabulary for describing physical devices connected to the World Wide Web in a machine readable format with a default JSON encoding. The Web Thing REST API and Web Thing WebSocket API allow a web client to access the properties of devices, request the execution of actions and subscribe to events representing a change in state. Some basic Web Thing Types are provided and additional types can be defined using semantic extensions with JSON-LD. In addition to this specification there is a note on Web Thing API Protocol Bindings which proposes non-normative bindings of the Web Thing API to various existing IoT protocols. There is also a document describing Web of Things Integration Patterns which provides advice on different design patterns for integrating connected devices with the Web of Things, and where each pattern is most appropriate.",
    "id": "web-thing-api",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 44,
    "org": "W3C",
    "title": "Web Thing API",
    "url": "https://iot.mozilla.org/wot/"
  },
  {
    "ciuName": null,
    "description": "exception propagation and handling for webassembly",
    "id": "wasm-exceptions",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1695715",
    "mozPosition": "positive",
    "mozPositionDetail": "Exception handling is important to C++ programs targeting the web, and to other languages in the future.",
    "mozPositionIssue": 573,
    "org": "Proposal",
    "title": "WebAssembly Exception Handling",
    "url": "https://github.com/webassembly/exception-handling/"
  },
  {
    "ciuName": null,
    "description": "128-bit vector data type and operations for webassembly",
    "id": "wasm-simd",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1625130",
    "mozPosition": "positive",
    "mozPositionDetail": "Supports common SIMD data type and operations important to C/C++/Rust programs targeting the web within domains such as graphics, video/audio encoding/decoding, and machine learning.",
    "mozPositionIssue": 491,
    "org": "W3C",
    "title": "WebAssembly SIMD",
    "url": "https://github.com/webassembly/simd/"
  },
  {
    "ciuName": null,
    "description": "The BiDirectional WebDriver Protocol, a mechanism for remote control of user agents.",
    "id": "webdriver-bidi",
    "mdnUrl": null,
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690255",
    "mozPosition": "positive",
    "mozPositionDetail": "Automation is an important capability for the web platform - for example, reliable automated testing makes it easier for websites to offer a functional user experience. The current standard protocol for building these tools has fallen behind demonstrated needs, which has in part led to new tools being built on Chrome DevTools Protocol. This makes it harder to automate across multiple browsers and versions of browsers - it\u2019d be better for the standard protocol to support these needs.",
    "mozPositionIssue": 632,
    "org": "W3C",
    "title": "WebDriver BiDi",
    "url": "https://w3c.github.io/webdriver-bidi/"
  },
  {
    "ciuName": "https://caniuse.com/webhid",
    "description": "This document describes an API for providing access to devices that support the Human Interface Device (HID) protocol.",
    "id": "webhid",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/HID",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "This API, like <a href=#webusb>WebUSB</a>, provides access to generic devices. Though this API is limited to human interface devices (HID), the same concerns apply as WebUSB, namely that devices are generally not designed with access from arbitrary websites in their threat model.",
    "mozPositionIssue": 459,
    "org": "Proposal",
    "title": "WebHID API",
    "url": "https://wicg.github.io/webhid/"
  },
  {
    "ciuName": null,
    "description": "This API defines an API surface for manipulating the bits on MediaStreamTracks being sent via an RTCPeerConnection.",
    "id": "webrtc-insertable-streams",
    "mdnUrl": null,
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This approach provides sites a way to offer a form of end-to-end protection for media, especially in those very common cases where media for group sessions is managed by a central service. The proposed API, together with the SFrame proposal, provides sites the ability to limit the information that is exposed to the central service. Mozilla would prefer to include better key management than this approach proposes, perhaps using <a href=\"https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture\">MLS</a>, which might guarantee certain security and privacy gains for users. However, we recognize that this is not yet feasible and this API can provide security and privacy gains if carefully applied by sites.",
    "mozPositionIssue": 330,
    "org": "W3C",
    "title": "WebRTC Insertable Media using Streams",
    "url": "https://w3c.github.io/webrtc-insertable-streams/"
  },
  {
    "ciuName": "",
    "description": "Use cases about providing guarantees to users about the privacy of their WebRTC videoconferencing when the servers are not trusted but the JavaScript is.",
    "id": "webrtc-nv-use-cases-trusted-js",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "We believe the \"Untrusted JS\" alternative would allow browsers to provide useful guarantees to users about the security of their videoconferencing, but the \"Trusted JS\" variant would not, and seems likely to add unnecessary complexity.",
    "mozPositionIssue": 205,
    "org": "Proposal",
    "title": "WebRTC Next Version Use Cases: Trusted JavaScript",
    "url": "https://github.com/w3c/webrtc-nv-use-cases/pull/49/files"
  },
  {
    "ciuName": "webusb",
    "description": "This document describes an API for securely providing access to Universal Serial Bus devices from web pages.",
    "id": "webusb",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/USB",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they're connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.",
    "mozPositionIssue": 100,
    "org": "Proposal",
    "title": "WebUSB API",
    "url": "https://wicg.github.io/webusb/"
  },
  {
    "ciuName": "webxr",
    "description": "This specification describes support for accessing virtual reality (VR) and augmented reality (AR) devices, including sensors and head-mounted displays, on the Web.",
    "id": "webxr",
    "mdnUrl": "https://developer.mozilla.org/en-US/docs/Web/API/WebXR_Device_API",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419190",
    "mozPosition": "positive",
    "mozPositionDetail": "The WebXR Device API is the basis for VR, MR, and AR on the web.  This is a significant and large suite of features.  There is the potential for XR to provide significant benefits, but also a number of risks to individual privacy and security due to the way that XR relies on sensors and environmental data.  Developing new interaction models also presents challenges and considerable work is required before new norms are established.  Mozilla is actively working on WebXR and supportive of its overall goals.  Our participation in and implementation of this API is critical to understanding the feature and learning how to empower users in managing the associated risks.",
    "mozPositionIssue": 218,
    "org": "Proposal",
    "title": "WebXR Device API",
    "url": "https://immersive-web.github.io/webxr/"
  },
  {
    "ciuName": null,
    "description": "Describes a method for performing hit tests against real world geometry to be used with the WebXR Device API.",
    "id": "webxr-hit-test",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "We believe that (as of February 2020) more iteration on the specification draft is needed before we can establish a position.",
    "mozPositionIssue": 259,
    "org": "Proposal",
    "title": "WebXR Hit Test Module",
    "url": "https://immersive-web.github.io/hit-test/"
  },
  {
    "ciuName": null,
    "description": "This specification defines an API for running scripts in stages of the rendering pipeline independent of the main javascript execution environment.",
    "id": "worklets",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1315239",
    "mozPosition": "positive",
    "mozPositionDetail": "This specification is essential for allowing features like the CSS Paint API and CSS Layout API to be implemented in a safe way.",
    "mozPositionIssue": 93,
    "org": "W3C",
    "title": "Worklets",
    "url": "https://drafts.css-houdini.org/worklets"
  },
  {
    "ciuName": null,
    "description": "Zstandard, or \"zstd\" (pronounced \"zee standard\"), is a data compression mechanism. This document describes the mechanism and registers a media type and content encoding to be used when transporting zstd-compressed content via Multipurpose Internet Mail Extensions (MIME). Despite use of the word \"standard\" as part of its name, readers are advised that this document is not an Internet Standards Track specification; it is being published for informational purposes only.",
    "id": "zstd",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301878",
    "mozPosition": "defer",
    "mozPositionDetail": "While we believe zstd is a promising technology, its use in a general-purpose web browser (given the existing slate of compression algorithms) has not been demonstrated to provide compelling new utility, and does not clearly warrant the additional maintenance cost and attack surface of adding such code. We are deferring a final position pending a more comprehensive and quantitative analysis of the benefits zstd would unlock on the web today - either dictionary-less, with static dictionaries, or with dynamic dictionaries. For either of the latter two options, we'd also need a credible plan for generating and delivering those dictionaries that aligns with our values.",
    "mozPositionIssue": 105,
    "org": "IETF",
    "title": "Zstandard Compression and the application/zstd Media Type",
    "url": "https://tools.ietf.org/html/rfc8478"
  },
  {
    "ciuName": "dialog",
    "description": "The dialog element represents a part of an application that a user interacts with to perform a task, for example a dialog box, inspector, or window.",
    "id": "dialog-element",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=840640",
    "mozPosition": "positive",
    "mozPositionDetail": "A high-level HTML feature for authors to achieve these use cases while getting a11y right seems useful, and we have an implementation.",
    "mozPositionIssue": 388,
    "org": "WHATWG",
    "title": "dialog element",
    "url": "https://html.spec.whatwg.org/multipage/interactive-elements.html#the-dialog-element"
  },
  {
    "ciuName": "mdn-html_global_attributes_enterkeyhint",
    "description": "The enterkeyhint attribute specifies what action label (or icon) to present for the enter key on virtual keyboards.",
    "id": "enterkeyhint-attr",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490661",
    "mozPosition": "positive",
    "mozPositionDetail": null,
    "mozPositionIssue": 68,
    "org": "WHATWG",
    "title": "enterkeyhint attribute",
    "url": "https://html.spec.whatwg.org/multipage/interaction.html#attr-enterkeyhint"
  },
  {
    "ciuName": "mdn-api_htmlelement_inert",
    "description": "Allow arbitrary DOM subtrees to become inert",
    "id": "inert-attr",
    "mozBugUrl": "https://bugzilla.mozilla.org/show_bug.cgi?id=921504",
    "mozPosition": "positive",
    "mozPositionDetail": "A high-level tool for authors to achieve some of these use cases while getting a11y right seems useful",
    "mozPositionIssue": 174,
    "org": "WHATWG",
    "title": "inert attribute",
    "url": "https://github.com/whatwg/html/pull/4288"
  },
  {
    "ciuName": null,
    "description": "Proposal to add various output attributes on HTML's &lt;input> elements that would allow developers to declare some conversions the browser could do to, for example, images and videos.",
    "id": "input-file-output-attributes",
    "mozBugUrl": null,
    "mozPosition": "neutral",
    "mozPositionDetail": "While this seems like it could be a useful capability to expose, we'd rather see it exposed in a way that can be composed with other existing APIs, and we're concerned that there's a risk of runaway complexity through adding more and more features to it.",
    "mozPositionIssue": 237,
    "org": "Proposal",
    "title": "output attributes on &lt;input type=file> element",
    "url": "https://discourse.wicg.io/t/proposal-native-media-optimization-and-basic-editing-support/4068"
  },
  {
    "ciuName": "mdn-css_at-rules_page_page-orientation",
    "description": "A descriptor for CSS @page rules that changes the orientation of the page in generated PDF output (or similar) without otherwise affecting layout.",
    "id": "page-orientation-descriptor",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "This is a simple addition (to a relatively complex existing feature, <a href=\"https://drafts.csswg.org/css-page-3/#using-named-pages\">named pages</a>) that can improve the experience of producing printed PDF output from web-based word processors or similar systems that largely do their own page layout.",
    "mozPositionIssue": 346,
    "org": "W3C",
    "title": "page-orientation descriptor",
    "url": "https://drafts.csswg.org/css-page-3/#page-orientation-prop"
  },
  {
    "ciuName": null,
    "description": "An attribute that specifies the rules for generating acceptable passwords.",
    "id": "passwordrules-attribute",
    "mozBugUrl": null,
    "mozPosition": "negative",
    "mozPositionDetail": "We believe this proposal, as drafted, encourages bad practices around passwords without encouraging good practices (such as minimum password length), and further has ambiguous and conflicting overlap with existing input validity attributes.  We believe the existing input validity attributes and API are sufficient for expressing password requirements.",
    "mozPositionIssue": 61,
    "org": "WHATWG",
    "title": "passwordrules attribute",
    "url": "https://github.com/whatwg/html/issues/3518"
  },
  {
    "ciuName": null,
    "description": "The new scroll events introduced in this document provide web developers a way to listen to the state of the scrolling and when their content is being overscrolled or when the scrolling has finished. This information will be useful for the effects such as pull to refresh or history swipe navigations in the web apps.",
    "id": "scrollend-and-overscroll-events",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "We believe these are likely to provide frequently-requested functionality that is useful for many web applications.",
    "mozPositionIssue": 240,
    "org": "Proposal",
    "title": "scrollend and overscroll events",
    "url": "https://github.com/w3c/csswg-drafts/pull/4537"
  },
  {
    "ciuName": null,
    "description": "The template element is used to declare fragments of HTML that can be cloned and inserted in the document by script.",
    "id": "template-element",
    "mozBugUrl": null,
    "mozPosition": "positive",
    "mozPositionDetail": "A reasonable addition to HTML (and XML), if not somewhat taxing on the parser.",
    "mozPositionIssue": 60,
    "org": "WHATWG",
    "title": "template element",
    "url": "https://html.spec.whatwg.org/multipage/scripting.html#the-template-element"
  },
  {
    "ciuName": null,
    "description": "An event that fires when the user's timezone changes.",
    "id": "timezonechange-event",
    "mozBugUrl": null,
    "mozPosition": "defer",
    "mozPositionDetail": "The timing of the delivery of this event to sites might expose users to cross-site tracking. How that risk is mitigated has not yet been decided, and that decision is likely to influence our position.",
    "mozPositionIssue": 241,
    "org": "WHATWG",
    "title": "timezonechange event",
    "url": "https://github.com/whatwg/html/pull/3047"
  }
]