See also: IRC log
trackbot, start telecon
<trackbot> Date: 29 May 2013
<scribe> Agenda: Diagnostics: Preflight JS Injection
Alois: We had discussed last week
that if you cannot reach the webpage, you can specify
JavaScript code that will be called.
... You would have a specific header, e.g., <JSPreflight
src="example.js">. The UA would store this page locally, and
if in the future the page isn't loaded, then this code is
run.
... And this would use the same caching rules as other
resources.
Jatinder: What about security issues with this?
Aaron: A malicious could use this
to track or execute. My worry is that the script is executing
on the client and it can send a lot of errors to the
server.
... From Bing's point of view, we're more interested in the
capture errors on the next load scenario. We worry that this
feature may create new security issues that could increase
server load.
Jatinder: I don't believe we have
limitations in the web platform today where we can limit script
execution based on origin. Today, any script added to a site,
regardless of origin, is run the same way.
... If there is a security concern, we should run this by our
security folks
Alois: I think there is a real benefit of getting real time error data, but we should follow up with security folks.
Aaron: Alternatively, instead of JavaScript, the browser could send a specific code/header back to the server to indicate an issue.
Alois: JavaScript would provide more information.
Jatinder: Let's follow up with our security teams and get back to this.
Alois: We could use a Chrome dev tool type JavaScript profiler that would send up the JavaScript calltree.
Jatinder: Would you run this for all users?
Alois: The idea would be that if some user has a problem, you can send them a link and the user would click on the link and the browser would gather the JavaScript callstack.
Dan: This would seem like a lot of data to specify in the specification.
Alois: We can use the Chrome and IE dev tools as a start point.
Dan: This will probably be a lot of data.
Alois: You would turn this on by demand. You would turn this on based on after a user passes a certain thershold. This is kind of an extension of User Timing, where there would be more information to help debug.
Dan: Would the user need to give consent to send this data?
Alois: We can talk about the privacy concern, but using JavaScript as is today you can already get 80-90% of data.
Dan: You would want to make sure that we don't track the user through the web, e.g., by looking at the URL.
Jatinder: Is the core usecase the 'support call' scenario where someone calls to state they have an issue and somone uses this API to gather that information.
Alois: Yes, that's main the one.
Alois: An APIs that provides runtime metrics on rendering, layout, garbage collection, CPU utilization, GPU utilization, memory consumption, etc.
Jatinder: Have you used Windows
Performance Analyzer? It uses ETW events to gather similar type
of data. However, there is a lot of information and data to
send up if you tried to do this on the web platform.
... You'd want to put together a minimal list of metrics that
develoeprs would find useful. I'd love to understand how much
this is necessary compared to just dev tools.
Alois: The goal here is to provide more detailed networking information, like IP address, HTTP headers. There are privacy concerns here that would need to be figured out.
Alois: You can do this using script and user timing, but it would be easier to measure the end to end event timing by using an API to hook into events. This is lower priority compared to the other listed items.
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) No ScribeNick specified. Guessing ScribeNick: JatinderMann Inferring Scribes: JatinderMann Default Present: Alois, Plh, +1.949.754.aaaa, Rob, Jatinder, [Microsoft], Aaron, Daniel Present: Alois Plh +1.949.754.aaaa Rob Jatinder [Microsoft] Aaron Daniel RobDickenson alois plh AaronHeady WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 29 May 2013 Guessing minutes URL: http://www.w3.org/2013/05/29-webperf-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]