-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Performance control of embedded content #911
base: main
Are you sure you want to change the base?
Performance control of embedded content #911
Conversation
When it comes to optimizing performance, websites and apps are limited by the performance of the external content they embed, these can be 3rd party sites, 3rd party apps, and even content from other organizations within a company. As a result, being able to control the performance of embedded content is crucial to improving the overall performance of a site or app. | ||
This proposal has two primary goals: | ||
1. Improve users’ satisfaction with their OS, browser, and applications via formalizing methods of constraining the resources available to web content. | ||
2. Provide information to help developers improve the performance of web sites and apps through reporting when performance is negatively impacting end-users and/or applications hosting the site in a frame. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might swap the order of these two points, since the second goal is required to be achieved for the first goal to be achieved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have it in that order to lead with and highlight the main driving factor, which is to improve end user experience. And you are right that the second goal is necessary to achieve the first. But I wanted to put emphasis on the end user impact.
|
||
* Re-defines a mechanism for a problem already in the scope of Document Policy. | ||
* The challenges in Document Policy are still applicable with a custom mechanism. | ||
* Changes to iframe HTML element represent additional standards work. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure additional standards work is a good reason to go with one approach and not another, so I'm not sure if that is worth listing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reasoning here was that even if we wanted to go with the custom mechanism option, we'd need to re-do a lot of the work that Document Policy already does. In particular, it seems like HTML spec changes are more challenging to get through, so defining our own would add that while not providing anything fundamentally better compared to Document Policy. I can remove this item.
|
||
## Non-goals | ||
|
||
1. Granular control of limits or individual criteria within a category. **The developer will not have control over granular values of each limit or individual criteria within a category. This is determined by the platform.** The key factor of this solution is there are predefined categories of focused, perf impacting features that embedder developers can choose to enforce restrictions on the embedded content in their app/site. This is to simplify the process and remove the burden from the embedder developer to determine individual constraints. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Referring to "criteria" and "category" feels a bit awkward before defining those terms. Can we make this more understandable for someone who hasn't read the whole explainer?
| **C: Globals**<br>**Description:** Overall media and system resource usage constraints. | **- Cumulative resource consumption limits per interaction:**<br>* Caps on total media usage. No more than a total of X.<br>* Limits on iframe count. No more than a total of 10.<br>* Limits of iframe depth. No more than a depth of 10.<br>* CPU usage before first interaction: XMB. | - Report violations via Reporting API.<br>- Do not load media at all. <br>- Do not load iframes that surpass the depth. | | ||
| **D: Script**<br>**Description:** Strict JavaScript restrictions. | **-Additional JS limits:**<br>* Long tasks in the main thread.<br>* High CPU usage.<br>* Workers with long tasks that exceed Xms.<br> | - Report violations via Reporting API.<br>- Stopping JavaScript if [in the background]. | | ||
|
||
### Discussion of different categories |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed
|
||
#### Global budgets and side-channel attacks | ||
The criteria proposed in this document includes budgets which are shared globally across documents. This could allow for documents to learn things about cross-origin documents, as described in the [Never Slow Mode explainer](https://github.com/slightlyoff/never_slow_mode?tab=readme-ov-file#global-limits). We consider the same alternatives as NSM as viable for this proposal: | ||
* Require CORS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree with Alison - I don't think we should be referencing the NSM doc like this, we should take the contents we care about from it instead.
…hub.com/nishitha-burman/MSEdgeExplainers into performance-control-of-embedded-content
|
||
## Goals | ||
|
||
With global web usage continuing to rise and more companies relying on the web as a primary platform to deliver their applications, performance has become a critical factor for success. As more users access websites through mobile devices and lower-powered hardware, the need for fast responsive web experiences is non-negotiable[^1],[^2]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider this a suggestion since it's a minor nit, this statement about performance has always been true. I think the essence of what you are getting at is that websites are increasingly being made up of content from different sources yet the performance is interpreted by the customer as a single website.
| ------------- | -------- | ------------------- | | ||
| **A: Basic**<br>**Description**: Basic web development best practices that are scenario-agnostic. | **- Text resources must be compressed** (HTML, CSS, JS, JSON).<br> - **Unzipped assets are flagged.**<br> - **Oversized assets are flagged:**<br>* Assets larger than ?KB embedded via `data:...` URLs.<br>* Image files larger than ?KB served in last generation formats.<br> * Web fonts that are larger than ?KB. | - Reporting violations via Reporting API.<br> - Assets not rendered.<br> UI indicator to block out images that are too large. | | ||
| **B: Early-script**<br>**Description**: JavaScript constraints during load to enhance performance and minimize impact on user experience before interaction begins. | **- JS limits:**<br>* Total limits on JS served prior to user interaction: ?MB<br>* Scripts must contain `content-length` headers<br>* No non-compositor thread animations (e.g. animated SVGs, loading spinners, etc.). | - Report violations via Reporting API.<br> - Loading of scripts that violate the limit are paused/blocked.<br> - Pause/disconnect animations that are not visible, interacted with. | | ||
| **C: Globals**<br>**Description:** Overall media and system resource usage constraints. | **- Cumulative resource consumption limits per interaction:**<br>* Caps on total media usage. No more than a total of ?.<br>* Limits on iframe count. No more than a total of ?.<br>* Limits of iframe depth. No more than a depth of ?.<br>* CPU usage before first interaction: ?MB. | - Report violations via Reporting API.<br>- Do not load media at all. <br>- Do not load iframes that surpass the depth. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed we talk about memory and CPU earlier but only CPU here. Is memory intentionally left out of the criteria section?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar with battery actually, although I can understand why that is left out.
First draft of explainer for performance control of embedded content.