1. Introduction
As the page is loading and while the user is interacting with the page afterwards, both the application and browser queue various events that are then executed by the browser -- e.g. user agent schedules input events based on user’s activity, the application schedules callbacks for requestAnimationFrame and other callbacks, etc. Once in the queue, the browser dequeues these events one-by-one and executes them.
However, some tasks can take a long time (multiple frames) and if/when that happens, the UI thread may become blocked and block all other tasks as well. To the user, this is commonly visible as a "locked up" page where the browser is unable to respond to user input; this is a major source of bad user experience on the web today:
- Delayed "time to Interactive":
-
while the page is loading, or even completely visually rendered, long tasks often tie up the main thread and prevent the user from interacting with the page. Poorly designed third-party content is frequently the culprit.
- High/variable input latency:
-
critical user-interaction events (e.g. tap, click, scroll, wheel, etc.) are queued behind long tasks which yields janky and unpredictable user experience.
- High/variable event handling latency:
-
like input, processing event callbacks (e.g. onload events, etc.) delay application updates.
- Janky animations and scrolling:
-
some animation and scrolling interactions require coordination between compositor and main threads; if a long task is blocking the main thread it can affect responsiveness of animations and scrolling.
Some applications (and RUM vendors) are already attempting to identify and track cases where "long tasks" happen. For example, one known pattern is to install a ~short periodic timer and inspect the elapsed time between the successive expirations: if the elapsed time is greater than the timer period, then there is high likelihood that one or more long tasks have delayed execution of the event loop. This approach mostly works but has several bad performance implications: by polling to detect long tasks, the application prevents quiescence and long idle blocks (see requestIdleCallback); it’s bad for battery life; there is no way to know what is causing the delay (e.g. first party or third party code).
The RAIL performance model suggests that applications should respond to user input in less than 100ms (for touch move and scrolling, the threshold is 16ms). The goal of this API is to surface notifications about tasks that may prevent the application from hitting these targets. This API surfaces tasks that take 50ms or more. A website without these tasks should respond to user input in under 100ms: it will take less than 50ms to finish the task that is being executed when the user input is received and less than 50ms to execute the task to react to such user input.
1.1. Usage Example
const observer= new PerformanceObserver( function ( list) { for ( const entryof list. getEntries()) { // Process long task notifications: // report back for analytics and monitoring // ... } }); // Register observer for previous and future long task notifications. observer. observe({ type: "longtask" , buffered: true }); // Long script execution after this will result in queueing // and receiving "longtask" entries in the observer. // Register observer for previous and future long animation frame notifications. // After this, long periods where the main thread is busy will result in queueing // and receiving "long-animation-frame" entries in the observer. observer. observe({ type: "long-animation-frame" , buffered: true });
1.2. Long Animation Frames vs. Long Tasks
While both long tasks and long animation frames measure congestion and jank, long animation frames provide information that has a better correlation with how user preceive this type of congestion. That’s because long animation frames measure a sequence that begins when the main thread is idle, and end when the frame either renders or the user agents decides there is nothing to render.
The task term is somewhat of an implementation detail, and the long animation frame addition attempts to remedy that by introducing a more user-centric metric of the same phenomenon of main thread congestion/jank.
Because long animation frames are guaranteed to have a maximum of one rendering phase, we can also
use them to expose additional information about the rendering phase itself, such as renderStart
and styleAndLayoutStart
.
For a detailed explanation about long animation frames, see the explainer.
2. Terminology
Long task refers to any of the following occurrences whose duration exceeds 50ms:
-
An event loop task plus the perform a microtask checkpoint that follows immediately afterwards. This captures the duration of an event loop task, including its associated microtasks.
-
An update the rendering step within the event loop processing model.
-
A pause between the last step and the next first step of the event loop processing model. This captures any work that the user agent performs in its UI thread outside of the event loop.
The browsing context container for a browsing context bc is bc’s active document's node navigable's container.
Note: This term is outdated, and the new terms should be reused when revamping this.
Culprit browsing context container refers to the browsing context container (iframe
, object
, etc.) that is being implicated, on the whole, for a long task.
Attribution refers to identifying the type of work (such as script, layout etc.) that contributed significantly to the long task, as well as identifying which culprit browsing context container is responsible for that work.
Long animation frame refers to any of the following occurrences whose duration exceeds 50ms:
-
A task, after which updating the rendering is not necessary.
-
A task after which updating the rendering is necessary, up until rendering is updated.
3. Long Task Timing
Long Task timing involves the following new interfaces:
3.1. PerformanceLongTaskTiming
interface
[Exposed =Window ]interface :
PerformanceLongTaskTiming PerformanceEntry { /* Overloading PerformanceEntry */readonly attribute DOMHighResTimeStamp ;
startTime readonly attribute DOMHighResTimeStamp ;
duration readonly attribute DOMString ;
name readonly attribute DOMString ;
entryType readonly attribute FrozenArray <TaskAttributionTiming >attribution ; [Default ]object (); };
toJSON
The values of the attributes of a PerformanceLongTaskTiming
are set in the processing model in § 5.1 Report long tasks. The following provides an informative summary of how they will be set.
The name
attribute’s getter will return one of the following strings:
- "
unknown
" -
The long task originated from work that the user agent performed outside of the event loop.
- "
self
" -
The long task originated from an event loop task within this browsing context.
- "
same
"- origin- ancestor -
The long task originated from an event loop task within a same-origin ancestor navigable.
- "
same
"- origin- descendant -
The long task originated from an event loop task within a same-origin descendant browsing context.
- "
same
"- origin -
The long task originated from an event loop task within a same-origin browsing context that is not an ancestor or descendant.
- "
cross
"- origin- ancestor -
The long task originated from an event loop task within a cross-origin ancestor navigable.
- "
cross
"- origin- descendant -
The long task originated from an event loop task within a cross-origin descendant browsing context.
- "
cross
"- origin- unreachable -
The long task originated from an event loop task within a cross-origin browsing context that is not an ancestor or descendant.
- "
multiple
"- contexts -
The long task originated from an event loop task involving multiple browsing contexts.
Note: There are some inconsistencies across these names, such as the "-unreachable" and the "-contexts" suffixes. These names are kept for backward compatibility reasons.
The entryType
attribute’s getter step is to return
.
The startTime
attribute’s getter step is to return a DOMHighResTimeStamp
of when the task started.
The duration
attribute’s getter step is to return a DOMHighResTimeStamp
equal to the elapsed time between the start and end of task, with a 1 ms granularity.
The attribution
attribute’s getter will return a frozen array of TaskAttributionTiming
entries.
3.2. TaskAttributionTiming
interface
[Exposed =Window ]interface :
TaskAttributionTiming PerformanceEntry { /* Overloading PerformanceEntry */readonly attribute DOMHighResTimeStamp ;
startTime readonly attribute DOMHighResTimeStamp ;
duration readonly attribute DOMString ;
name readonly attribute DOMString ;
entryType readonly attribute DOMString containerType ;readonly attribute DOMString containerSrc ;readonly attribute DOMString containerId ;readonly attribute DOMString containerName ; [Default ]object (); };
toJSON
The values of the attributes of a TaskAttributionTiming
are set in the processing model in § 5.1 Report long tasks. The following provides an informative summary of how they will be set.
The name
attribute’s getter will always return "unknown
".
The entryType
attribute’s getter will always return "taskattribution
".
The startTime
attribute’s getter will always return 0.
The duration
attribute’s getter will always return 0.
The containerType
attribute’s getter will return the type of the culprit browsing context container, such as "iframe
", "embed
", or "object
". If no single culprit browsing context container is found, it will return "window
".
The containerName
attribute’s getter will return the value of the container’s name
content attribute. If no single culprit browsing context container is found, it will return the empty string.
The containerId
attribute’s getter will return the value of the container’s id
content attribute. If no single culprit browsing context container is found, it will return the empty string.
The containerSrc
attribute’s getter will return the value of the container’s src
content attribute. If no single culprit browsing context container is found, it will return the empty string.
3.3. Pointing to the culprit
This section is non-normative.
A long task can involve different types of work (such as script, layout, style etc), and it could be executed within different browsing contexts, or it could be global in nature such as a long garbage collection that spans the entire agent cluster or unit of related browsing contexts.
Thus attribution has a couple of facets:
-
Pointing to the origin of the long task and/or the overall location of the culprit browsing context: this is referred to as minimal culprit attribution and is captured in the
name
field. -
Pointing to the type of work involved in the long task, and its associated culprit browsing context container: this is captured in
TaskAttributionTiming
objects in theattribution
field ofPerformanceLongTaskTiming
.
Therefore, name
and attribution
fields on PerformanceLongTaskTiming
together paint the picture for where the blame rests for a long task.
When delivering this information the Web’s same-origin policy must be adhered to.
These fields are not independent. The following gives an overview of how they are related:
name
| Culprit browsing context container implicated by attribution
|
---|---|
"self "
| empty |
"same "
| same-origin culprit |
"same "
| same-origin culprit |
"same "
| same-origin culprit |
"cross "
| empty |
"cross "
| empty |
"cross "
| empty |
"multiple "
| empty |
"unknown "
| empty |
4. Long Animation Frame Timing
Long Animation Frame timing involves the following new interfaces:
4.1. PerformanceLongAnimationFrameTiming
interface
[Exposed =Window ]interface :
PerformanceLongAnimationFrameTiming PerformanceEntry { /* Overloading PerformanceEntry */readonly attribute DOMHighResTimeStamp ;
startTime readonly attribute DOMHighResTimeStamp ;
duration readonly attribute DOMString ;
name readonly attribute DOMString ;
entryType readonly attribute DOMHighResTimeStamp ;
renderStart readonly attribute DOMHighResTimeStamp ;
styleAndLayoutStart readonly attribute DOMHighResTimeStamp ;
blockingDuration readonly attribute DOMHighResTimeStamp ; [
firstUIEventTimestamp SameObject ]readonly attribute FrozenArray <PerformanceScriptTiming >; [
scripts Default ]object (); };
toJSON
A PerformanceLongAnimationFrameTiming
has a frame timing info timing info.
The entryType
attribute’s getter step is to return
.
The name
attribute’s getter step is to return
.
The startTime
attribute’s getter step is to return the relative high resolution time given this's timing info's start time and this's relevant global object.
The duration
attribute’s getter step is to return the duration between this's startTime
and the relative high resolution time given this's timing info's end time and this's relevant global object.
The renderStart
attribute’s getter step is to return the relative high resolution time given this's timing info's update the rendering start time and this's relevant global object.
The styleAndLayoutStart
attribute’s getter step is to return the relative high resolution time given this's timing info's style and layout start time and this's relevant global object.
The firstUIEventTimestamp
attribute’s getter step is to return the relative high resolution time given this's timing info's first ui event timestamp and this's relevant global object.
The blockingDuration
attribute’s getter steps are:
-
Let workDuration be this's timing info's longest task duration.
-
Let renderDuration be the 0.
-
If this's timing info's update the rendering start time is not zero, then:
-
Set renderDuration to the duration between this's
renderStart
and the relative high resolution time given this's timing info's end time.
-
-
If workDuration + renderDuration is greater than 50, then return workDuration + renderDuration - 50 milliseconds.
-
Return 0.
The scripts
attribute’s getter steps are:
-
Let scripts be a list « ».
-
Let entryWindow be this’s relevant global object.
-
For each scriptInfo in this's frame timing info's scripts:
-
Let scriptWindow be scriptInfo’s window.
-
Let scriptEntry be a new
PerformanceScriptTiming
in this's relevant realm, whose timing info is scriptInfo and whose window attribution is the value corresponding to the first matching statement:- scriptWindow is undefined
- scriptWindow is entryWindow
- entryWindow’s associated
Document
's node navigable's ancestor navigables contains scriptWindow’s associatedDocument
's node navigable - scriptWindow’s associated
Document
's node navigable's ancestor navigables contains entryWindow’s associatedDocument
's node navigable - entryWindow’s associated
Document
's node navigable's top-level traversable is scriptWindow’s associatedDocument
's node navigable's top-level traversable - Otherwise
-
Append scriptEntry to scripts.
-
-
Return scripts.
4.2. PerformanceScriptTiming
interface
enum {
ScriptInvokerType ,
"classic-script" ,
"module-script" ,
"event-listener" ,
"user-callback" ,
"resolve-promise" };
"reject-promise" enum {
ScriptWindowAttribution ,
"self" ,
"descendant" ,
"ancestor" ,
"same-page" }; [
"other" Exposed =Window ]interface :
PerformanceScriptTiming PerformanceEntry { /* Overloading PerformanceEntry */readonly attribute DOMHighResTimeStamp ;
startTime readonly attribute DOMHighResTimeStamp ;
duration readonly attribute DOMString ;
name readonly attribute DOMString ;
entryType readonly attribute ScriptInvokerType ;
invokerType readonly attribute DOMString ;
invoker readonly attribute DOMHighResTimeStamp ;
executionStart readonly attribute DOMString ;
sourceLocation readonly attribute DOMHighResTimeStamp ;
pauseDuration readonly attribute DOMHighResTimeStamp ;
forcedStyleAndLayoutDuration readonly attribute Window ?;
window readonly attribute ScriptWindowAttribution ; [
windowAttribution Default ]object (); };
toJSON
A PerformanceScriptTiming
has an associated script timing info timing info.
A PerformanceScriptTiming
has an associated ScriptWindowAttribution
window attribution.
The entryType
attribute’s getter step is to return
.
The name
attribute’s getter step is to return
.
The invokerType
attribute’s getter step is to return this's timing info's invoker type.
The invoker
attribute’s getter steps are:
-
Switch on this’s
invokerType
:- "`classic-script`"
- "`module-script`"
-
Return this’s timing info's source url.
- "`event-listener`"
-
-
Let targetName be this’s timing info's invoker name.
-
If this’s timing info's event target element id is not the empty string, then: Set targetName to the concatenation of « targetName, "#", this’s timing info's event target element id ».
-
Otherwise, If this’s timing info's event target element src attribute is not the empty string, then: Set targetName to the concatenation of « targetName, '[src=', this’s timing info's event target element src attribute, ']' ».
-
Return the concatenation of « targetName, ".on", this's timing info's event type ».
-
- "`user-callback`"
-
Return this’s timing info's invoker name.
- "`resolve-promise`"
- "`reject-promise`"
-
-
If this’s timing info's invoker name is the empty string, then:
-
If this’s
invokerType
is "`resolve-promise`", then return "`Promise.resolve`". -
Otherwise, return "`Promise.reject`".
-
-
Let thenOrCatch be "`then`" if
invokerType
is "`resolve-promise`"; otherwise "`reject-promise`". -
Return the concatenation of « invoker name, ".", thenOrCatch ».
-
- "`classic-script`"
The startTime
attribute’s getter step is to return the relative high resolution time given this's timing info's start time and this's relevant global object.
The duration
attribute’s getter step is to return the duration between this's startTime
and the relative high resolution time given this's timing info's end time and this's relevant global object.
The executionStart
attribute’s getter step is to return 0 if this's timing info's execution start time is 0; Otherwise the relative high resolution time given this's timing info's execution start time and this's relevant global object.
The forcedStyleAndLayoutDuration
attribute’s getter step is to return an implementation-defined value that represents time spent performing style and layout synchronously, e.g. by calling getComputedStyle()
or getBoundingClientRect()
.
Find a way to make this interoperable/normative. Perhaps mark those functions in WebIDL as requiring synchronous style/layout? Also move to timing info once that’s resolved.
The pauseDuration
attribute’s getter step is to return this's timing info's pause duration.
The sourceLocation
attribute’s getter steps are:
-
If this's timing info's source url is the empty string, return the empty string.
-
Let serializedSourceLocation be this's timing info's source url.
-
If this's timing info's source function name is not the empty string, then set serializedSourceLocation to the concatenation of « this's timing info's source function name, "@", serializedSourceLocation ».
-
If this's timing info's source character position is greater than -1, then set serializedSourceLocation to the concatenation of «serializedSourceLocation, ":", this's timing info's source character position ».
-
Return serializedSourceLocation.
The window
attribute’s getter steps are:
-
Let window be the result of calling deref on this's timing info's window.
-
If window is undefined, then return null; Otherwise return window.
The windowAttribution
attribute’s getter step is to return this's window attribution.
5. Processing model
Note: A user agent implementing the Long Tasks or Long Animation Frame API would need to include
or
in supportedEntryTypes
for Window
contexts, respectively.
This allows developers to detect support for long tasks.
5.1. Report long tasks
-
Report task end time given end time and task’s document.
-
If end time minus start time is less than the long tasks threshold of 50 ms, abort these steps.
-
Let destinationRealms be an empty set.
-
Determine the set of JavaScript Realms to which reports will be delivered:
For each top-level browsing context topmostBC in top-level browsing contexts:
-
Add topmostBC’s active document's relevant Realm to destinationRealms.
-
Let descendantBCs be topmostBC’s active document's list of the descendant browsing contexts.
-
Let document be descendantBC’s active document.
-
For each descendantBC in descendantBCs, add (document’s relevant Realm, document’s relevant settings object's cross-origin isolated capability) to destinationRealms.
-
-
A user agent may remove some JavaScript Realms from destinationRealms.
Note: this removal could be used to avoid reporting long tasks for JavaScript Realms that the user agent handles in a separate process. However, this concept is not specified precisely.
there is some ongoing discussion regarding the scope of which Documents
gain visibility over which long tasks, so this logic could change in the future. [Issue #75]
-
For each (destinationRealm, crossOriginIsolatedCapability) in destinationRealms:
-
Let name be the empty string. This will be used to report minimal culprit attribution, below.
-
Let culpritSettings be
.null -
Process task’s script evaluation environment settings object set to determine name and culpritSettings as follows:
-
If task’s script evaluation environment settings object set is empty: set name to "
unknown
" and culpritSettings to
.null -
Otherwise, if task’s script evaluation environment settings object set's length is greater than one: set name to "
multiple
" and culpritSettings to- contexts
.null -
Otherwise, i.e. if task’s script evaluation environment settings object set's length is one:
-
Set culpritSettings to the single item in task’s script evaluation environment settings object set.
-
Let destinationSettings be destinationRealm’s relevant settings object.
-
Let destinationOrigin be destinationSettings’s origin.
-
Let destinationBC be destinationSettings’s global object's browsing context.
-
Let culpritBC be culpritSettings’s global object's browsing context.
-
Assert: culpritBC is not
.null -
If culpritSettings is the same as destinationSettings, set name to "
self
". -
Otherwise, if culpritSettings’s origin and destinationOrigin are same origin:
-
If destinationBC is
, set name to "null same
".- origin -
Otherwise, if culpritBC is an ancestor of destinationBC, set name to "
same
".- origin- ancestor -
Otherwise, if destinationBC is an ancestor of culpritBC, set name to "
same
".- origin- descendant -
Otherwise, set name to "
same
".- origin
-
-
Otherwise:
-
If destinationBC is
, set name to "null cross
".- origin- unreachable -
Otherwise, if culpritBC is an ancestor of destinationBC, set name to "
cross
" and set culpritSettings to- origin- ancestor
.null NOTE: this is not reported because of security. Developers should look this up themselves.
-
Otherwise, if destinationBC is an ancestor of culpritBC, set name to "
cross
".- origin- descendant -
Otherwise, set name to "
cross
".- origin- unreachable
-
-
-
-
Let attribution be a new
TaskAttributionTiming
object with destinationRealm and set its attributes as follows:-
Set attribution’s
name
attribute to "unknown
".NOTE: future iterations of this API will add more values to the
name
attribute of aTaskAttributionTiming
object, but for now it can only be a single value. -
Set attribution’s
entryType
attribute to
."taskattribution" -
Set attribution’s
containerType
attribute to
."window" -
Set attribution’s
containerName
andcontainerSrc
attributes to the empty string. -
If culpritSettings is not
:null -
Let culpritBC be culpritSettings’s global object's browsing context.
-
Assert: culpritBC is not
.null -
Let container be culpritBC’s browsing context container.
-
Assert: container is not
.null -
Set attribution’s
containerId
attribute to the value of container’s ID, or the empty string if the ID is unset. -
If container is an
iframe
element:-
Set attribution’s
containerType
attribute to "iframe
". -
Set attribution’s
containerName
attribute to the value of container’sname
content attribute, or the empty string if the attribute is absent. -
Set attribution’s
containerSrc
attribute to the value of container’ssrc
content attribute, or the empty string if the attribute is absent.
NOTE: it is intentional that we record the frame’s
src
attribute here, and not its current URL, as this is meant primarily to help identify frames, and allowing discovery of the current URL of a cross-origin iframe is a security problem. -
-
If container is a
frame
element:-
Set attribution’s
containerType
attribute to "frame
". -
Set attribution’s
containerName
attribute to the value of container’sname
content attribute, or the empty string if the attribute is absent. -
Set attribution’s
containerSrc
attribute to the value of container’ssrc
content attribute, or the empty string if the attribute is absent.
-
-
If container is an
object
element:-
Set attribution’s
containerType
attribute to "object
". -
Set attribution’s
containerName
attribute to the value of container’s name content attribute, or the empty string if the attribute is absent. -
Set attribution’s
containerSrc
attribute to the value of container’sdata
content attribute, or the empty string if the attribute is absent.
-
-
If container is an
embed
element:-
Set attribution’s
containerType
attribute to "embed
". -
Set attribution’s
containerName
attribute to the empty string. -
Set attribution’s
containerSrc
attribute to the value of container’ssrc
content attribute, or the empty string if the attribute is absent.
-
-
-
-
Create a new
PerformanceLongTaskTiming
object newEntry with destinationRealm and set its attributes as follows:-
Set newEntry’s
name
attribute to name. -
Set newEntry’s
entryType
attribute to "longtask
". -
Set newEntry’s
startTime
attribute to the result of coarsening start time given crossOriginIsolatedCapability. -
Let dur be the result of coarsening end time given crossOriginIsolatedCapability, minus newEntry’s
startTime
. -
Set newEntry’s
duration
attribute to the integer part of dur. -
If attribution is not
, set newEntry’snull attribution
attribute to a new frozen array containing the single value attribution.NOTE: future iterations of this API will add more values to the
attribution
attribute, but for now it only contains a single value.
-
-
Queue the PerformanceEntry newEntry.
-
5.2. Frame Timing Info
frame timing info is a struct used as a bookkeeping detail by the long animation frame algorithms. It has the following items:- start time
- current task start time
- update the rendering start time
- style and layout start time
- first ui event timestamp
- end time
- current task start time
-
A
DOMHighResTimeStamp
, initially 0. Note: all the above are [=monotonic clock/unsafe current time=|unsafe=], and should be coarsened when exposed via an API. - longest task duration
-
A
DOMHighResTimeStamp
, initially 0. - scripts
-
A list of script timing info, initially empty.
- pending script
-
Null or a script timing info, initially null.
script timing info is a struct. It has the following items:
- invoker type
- start time
- end time
- execution start time
- end time
-
An unsafe
DOMHighResTimeStamp
, initially 0. - pause duration
-
A
DOMHighResTimeStamp
representing a number of milliseconds, initially 0. - invoker name
- source url
- source function name
- event type
- event target element id
- event target element src attribute
- source url
-
A string, initially the empty string.
- source character position
-
A number, initially -1.
- window
A Document
has a null or frame timing info current frame timing info, initially null.
5.3. Report Long Animation Frames
5.3.1. Long Animation Frame Monitoring {#loaf-monitoring}
Document
document:
-
Let ancestors be the ancestor navigables of document.
-
For each ancestorNavigable in ancestors: If ancestorNavigable’s active document's origin is same origin with document’s origin, and ancestorNavigable’s active document's relevant agent is document’s relevant agent, then return ancestorNavigable’s active document.
-
Return document.
The relevant frame timing info for a Document
document is its nearest same-origin root's current frame timing info.
DOMHighResTimeStamp
unsafeTaskStartTime, and a Document
document:
-
Let root be document’s nearest same-origin root.
-
If root’s current frame timing info is null, then set root’s current frame timing info to a new frame timing info whose start time is unsafeTaskStartTime.
-
Set root’s current frame timing info's current task start time to unsafeTaskStartTime.
-
If root’s current frame timing info's 's start time is 0, then set root’s current frame timing info's start time to unsafeTaskStartTime.
DOMHighResTimeStamp
unsafeTaskEndTime, and a Document
document:
-
Let timingInfo be document’s relevant frame timing info.
-
If timingInfo is null, then return.
Note: This can occur if the browser becomes hidden during the sequence.
-
Let safeTaskEndTime be the relative high resolution time given unsafeTaskEndTime and document’s relevant global object.
-
Let safeTaskStartTime be the relative high resolution time given timingInfo’s current task start time and document’s relevant global object.
-
Let currentTaskDuration be the duration between safeTaskStartTime and safeTaskEndTime.
-
If currentTaskDuration is greater than timingInfo’s longest task duration, then set timingInfo’s longest task duration to currentTaskDuration.
-
If the user agent believes that updating the rendering of document’s node navigable would have no visible effect, then flush frame timing given document and return.
Note: even though there was no actual visual update, we mark a long animation frame here because it would be blocking in a scenario where it coincided with an unrelated visual update.
Document
document, and a DOMHighResTimeStamp
unsafeStyleAndLayoutStart:
-
Let timingInfo be document’s relevant frame timing info.
-
If timingInfo is null, then return.
Note: This can occur if the browser becomes hidden during the sequence.
-
Set timingInfo’s update the rendering start time to timingInfo’s current task start time.
-
Set timingInfo’s style and layout start time to unsafeStyleAndLayoutStart.
-
Flush frame timing given document and the unsafe shared current time.
Document
document and a DOMHighResTimeStamp
unsafeEndTime:
-
Let timingInfo be document’s relevant frame timing info.
-
Assert: timingInfo is not null.
-
Let global be document’s relevant global object.
-
Let frameDuration be the duration between the relative high resolution time given timingInfo’s start time and global, and the relative high resolution time given unsafeEndTime and global.
-
If frameDuration is greater than 50 milliseconds, then Queue a new
PerformanceLongAnimationFrameTiming
in document’s relevant realm, whose timing info is timingInfo. -
set document’s nearest same-origin root's current frame timing info to null.
5.3.2. Long Script Monitoring
-
Set scriptTimingInfo’s invoker name to callback’s identifier.
-
Apply source location for scriptTimingInfo given callback.
Function
handler, an environment settings object settings, and a boolean repeat: Create script entry point given settings, "`user-callback`",
and the following steps given a script timing info scriptTimingInfo:
-
Let setTimeoutOrInterval be "setInterval" if repeat is true, "setTimeout" otherwise.
-
Set scriptTimingInfo’s invoker name to concatenation of « TimerHandler:", setTimeoutOrInterval ».
-
If handler is a
Function
, then apply source location for scriptTimingInfo given handler.
Event
event and an EventListener
listener: Create script entry point given listener’s relevant settings object, "`event-listener`",
and the following steps given a script timing info scriptTimingInfo and a frame timing info frameTimingInfo:
-
Set scriptTimingInfo’s event type to event’s
type
. -
Let target be event’s
currentTarget
. -
If target is a
Node
, then:-
Set scriptTimingInfo’s invoker name to target’s
nodeName
. -
If target is an
Element
, then:-
Set scriptTimingInfo’s event target element id to target’s id.
-
Set scriptTimingInfo’s event target element src attribute to the result of getting an attribute value by name "`src`" and target.
-
-
-
Else, set scriptTimingInfo’s invoker name to target’s interface name.
-
Apply source location for scriptTimingInfo given listener’s callback.
-
If event is a
UIEvent
, and frameTimingInfo’s first ui event timestamp is 0, then set frameTimingInfo’s first ui event timestamp to event’stimeStamp
.
Promise
promise and a "`resolve-promise`" or "`reject-promise`" type:
-
Create script entry point given promise’s relevant realm's settings object, type, and the following steps given a script timing info scriptTimingInfo:
-
Set scriptTimingInfo’s invoker name to promise’s invoker name when created.
-
Set scriptTimingInfo’s source url to promise’s script url when created.
-
-
If url’s scheme is "`http`" or "`https`", then set scriptTimingInfo’s source url to script’s base URL.
-
Otherwise, if url’s scheme is "`blob`" or "`data`" then set scriptTimingInfo’s source url to the concatenation of « url’s scheme, ":"" ».
-
Create script entry point with script’s settings object, "`classic-script`", and the following step given a script timing info scriptTimingInfo: Set source url for script block given scriptTimingInfo, script, and originalSourceURL.
-
Let settings be script’s settings object.
-
If script’s muted errors is true, then return.
-
If settings is not a
Window
, then return. -
Let document be settings’s
document
. -
Let frameTimingInfo be document’s relevant frame timing info.
-
If frameTimingInfo is null or if frameTimingInfo’s pending script is not null, then return.
-
Assert: frameTimingInfo’s pending script's invoker type is "`classic-script`".
-
Set frameTimingInfo’s pending script's execution start time to the unsafe shared current time.
-
Set scriptTimingInfo’s execution start time to script’s scriptTimingInfo’s start time.
-
Set source url for script block given scriptTimingInfo, script, and script’s base URL.
ScriptInvokerType
invokerType, and steps,
which is an algorithm that takes a script timing info and an optional frame timing info:
-
If settings is not a
Window
, then return. -
Let document be settings’s
document
. -
If document is not fully active or
, then return.
-
Let frameTimingInfo be document’s relevant frame timing info.
-
If frameTimingInfo is null, then return.
-
If frameTimingInfo’s pending script is not null, then return.
-
Let scriptTimingInfo be a new script timing info whose start time is the unsafe shared current time, and whose invoker type is invokerType.
-
Run steps given scriptTimingInfo and frameTimingInfo.
-
Set scriptTimingInfo’s window to settings.
-
Set frameTimingInfo’s pending script to scriptTimingInfo.
-
Let script be the running script.
-
Let settings be script’s settings object.
-
Let document be settings’s
document
. -
If document is not fully active or
, then return.
-
Let frameTimingInfo be document’s relevant frame timing info.
-
Let scriptTimingInfo be frameTimingInfo’s pending script.
-
Set frameTimingInfo’s pending script to null.
-
If scriptTimingInfo is null, then return.
-
Set scriptTimingInfo’s end time to the unsafe shared current time.
-
If script is a classic script whose muted errors is true, then:
-
set scriptTimingInfo’s source url to the empty string.
-
set scriptTimingInfo’s source character position to -1.
-
set scriptTimingInfo’s source function name to the empty string.
-
-
If the duration between scriptTimingInfo’s start time and scriptTimingInfo’s end time is greater than 5 milliseconds, then append scriptTimingInfo to frameTimingInfo’s scripts.
Function
callback:
-
The user agent may set scriptTimingInfo’s source url to the source URL of the script where callback was defined.
-
The user agent may set scriptTimingInfo’s source function name to the function name of callback.
-
The user agent may set scriptTimingInfo’s source character position to the character position where callback was defined.
-
Let script be the running script.
-
Let settings be script’s settings object.
-
If settings is not a
Window
, then return. -
Let document be settings’s
document
. -
If document is not fully active or
, then return.
-
Let frameTimingInfo be document’s relevant frame timing info.
-
If frameTimingInfo is null, then return.
-
If frameTimingInfo’s pending script is null, then return.
-
Increment frameTimingInfo’s pending script's pause duration by the milliseconds value of duration.
6. Additions to existing standards
6.1. Monkey-patches to the WebIDL standard
Promise
interface has an associated string invoker name when created, initially "`Promise`".
The Promise
interface has an associated string script url when created, initially the empty string.
Append the following steps to creating a new promise, before returning the Promise
:
-
Let interfaceName be a string representing the interface responsible for creating this promise.
-
Let attributeName be a string representing the attribute in the interface responsible for creating this promise.
-
Set the created
Promise
's script url when created to the running script's base URL. -
The user-agent may set the created
Promise
's invoker name when created to the last known concatenation of « interfaceName, ".", attributeName »this is quite handwavy, because this is difficult to do in a normative way. Need to see if that can be improved, or if the source location for promise handlers would remain a bit implementation-defined.
Prepend the following step to resolve a promise given Promise
p: Report promise resolver given p and "`resolve-promise`".
Prepend the following step to reject a promise given Promise
p: Report promise resolver given p and "`reject-promise`".
6.2. Monkey-patches to the DOM standard
Window
(after step 8.2), assuming an event listener listener: Report event handler given global’s event
and listener. 6.3. Monkey-patches to the HTML standard
-
Report task start time given taskStartTime and oldestTask’s document.
Document
:
-
Let unsafeStyleAndLayoutStartTime be the unsafe shared current time.
Insert the following steps after [update the rendering](https://html.spec.whatwg.org/multipage/webappapis.html#update-the-rendering) step 6.18, right after calling mark paint timing, using the existing docs variable:
-
Let unsafeRenderingEndTime be the unsafe shared current time.
-
Report rendering time for each fully active
Document
object in docs given unsafeRenderingEndTime unsafeStyleAndLayoutStartTime.
Function
or string handler, a WindowOrWorkerGlobalScope
global, and a boolean repeat:
-
Report timer handler given handler, global’s relevant settings object, and repeat.
-
Let unsafeStyleAndLayoutStartTime be the unsafe shared current time.
Insert the following steps after [update the rendering](https://html.spec.whatwg.org/multipage/webappapis.html#update-the-rendering) step 6.18, right after calling mark paint timing, using the existing docs variable:
-
Let unsafeRenderingEndTime be the unsafe shared current time.
-
Report rendering time for each fully active
Document
object in docs given unsafeRenderingEndTime unsafeStyleAndLayoutStartTime.
Insert a step to the create a classic script steps, before parsing the script, assuming the script variable is populated, assuming a url variable: Report classic script creation given script and url.
Insert a step to the run a classic script steps, before preparing to run a script (between steps 2 and 3): Report classic script execution start given script.
Insert a step to the run a module script steps, before preparing to run a script (between steps 2 and 3): Report module script execution start given script.
Prepend the following step: Let timeBeforePause be the unsafe current time.
Append the following step: Report pause duration given the duration between timeBeforePause and the unsafe current time.
7. Security & privacy considerations
Long Tasks API adheres to the same-origin policy by including origin-safe attribution information about the source of the long task. There is a 50ms threshold for long tasks. Durations are only provided in 1 ms granularity. Together this provides adequate protection against cross-origin leaks.
The Long Tasks API provides timing information about the duration and type of tasks executed by the user, as well as attribution such as the browsing context causing the function calls. This could enable an attacker to perform side-channel timing attacks to guess the user’s action, or identify the user. For example, a pattern of long script followed by a long render could be put together to guess user’s interaction with a social widget. Detailed function call attribution would be used to determine the user’s action.
While the API doesn’t introduce any new privacy attacks, it could make existing privacy attacks faster. Mitigations for this are possible and can be implemented as needed:
-
Further clamp or add random jitter to the long task duration provided by the API to make attacks harder to exploit.
-
Limit the number of origins for which longtasks are exposed by the API, and obfuscate the attribution of any tasks afterwards. For instance, a page with 5 iframes could receive only attribution for tasks from 3 of those iframes, and would receive no attribution (
name
set tounknown
") for tasks from the other 2. -
Allow dropping the culprit/attribution information after a certain threshold. For instance, after 10 longtasks all entries would receive no attribution and their
name
would be "unknown
". -
Add a built-in delay to the timing information exposed to make attacks dependent on longtask volume harder to execute.
7.1. What is Exposed to Observers?
All observers within the top level page (i.e. all iframes in the page and the main frame) will receive notifications about presence of long tasks. We expose the start time of the task, its duration (with 1 ms granularity), and a pointer to the culprit frame. This information can already be observed today, and with higher resolution, using setTimeout. An attacker can do this by clearing everything else on the page and adding the vulnerable cross-origin resource to ensure that delays from the setTimeout are caused by that resource. Observers in other different pages (tabs or windows) should not receive notifications, regardless of the architecture of the user agent.
Cross origin rules for what is exposed:
-
Cross-origin observers may see the direction of the culprit e.g if the culprit is a deeply nested iframe, then the host page can see the first cross-origin between itself and the culprit.
-
Conversely, if the culprit is the top level page, then a deeply embedded iframe can see that a longtask occurrred in its cross-origin ancestor but does not receive any information about it.
7.2. Attack Scenarios Considered
The following are the timing attacks considered:
-
Traditional timing attacks: using external resource load time to reveal the size of private data. For instance the number of hidden pictures in a gallery, whether username is valid, etc. See an example.
-
Side-channel timing attacks: using time for video parsing, script parsing, App Cache reads or Cache API (service workers) usage to uniquely identify a user, or to create a profile of the user’s age, gender, location, and interests etc. For instance, status updates from a social network can be limited to certain demographic (eg. females of age 20-30) the file size of the permalink page can be used to determine whether the user is in the target demographic.
These scenarios are addressed by the 50ms threshold AND respecting cross-origin boundary i.e. not showing task type or additional attribution to untrusted cross origin observers.
7.3. Additional information exposed by the Long Animation Frames API
Since several cross-origin documents can share the same event loop, they can also render as part of the same frame sequence and influence each other’s rendering time. This makes it so that these timings are already somewhat observable cross-origin, e.g. by requesting an animation frame and observing if it is delayed, though long animation frames exposes them at a higher fidelity.To mitigate this, long animation frames are only reported to "participating local roots": only documents that are associated with a work task that contributed to the sequence, or that were rendered as part of the frame, are eligible to observe the long animation frame, and that long animation frame would be available only in their nearest ancestor that is either topmost or has a cross-origin parent.
7.4. PerformanceScriptTiming
and opaque scripts
Since PerformanceScriptTiming
exposes information about script execution, we need to make sure it
doesn’t expose too much information about CORS cross-origin scripts that cannot be easily deduced otherwise.
To do that, we use the existing muted errors boolean, and report an empty sourceLocation
in such cases.