Contact [email protected] Explainer
- Old explainer, API as implemented in "MVP" since M105: https://github.com/WICG/sanitizer-api/blob/e72b56b361a31b722b4e14491a83e2d25943ba58/explainer.md - New explainer, still in progress, API that we expect to implement eventually: https://github.com/WICG/sanitizer-api/blob/main/explainer.md Specificationhttps://github.com/WICG/sanitizer-api Summary The Sanitizer API (https://chromestatus.com/feature/5786893650231296) aims to build an easy-to-use, always secure, browser-maintained HTML sanitizer into the platform. It is a cross-browser standardization effort starting in Q2/2020. We shipped an initial version of the Sanitizer API in M105, based on the then-current specification draft. However, the discussion has meanwhile moved on and the proposed API shape has changed substantially. In order to prevent the current API from becoming entrenched we would like to remove the current implementation. We expect to re-implement the Sanitizer API when the proposed specification stabilizes again. Blink componentBlink>SecurityFeature>SanitizerAPI <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI> Motivation Since the final version of the standard will look different from our initial implementation, the goal is to prevent an API from becoming entrenched. According to use counters, the Sanitizer API is currently used on 0.000000492 % of page visits. Initial public proposalNone TAG reviewNone TAG review statusNot applicable Risks Interoperability and Compatibility Sanitizer API is currently used on 0.000000492% of page visits. Since presently no other browser supports this API (in any release version) we expect the compatibility impact to be negligible. *Gecko*: Positive ( https://mozilla.github.io/standards-positions/#sanitizer-api) (Note that the Firefox position presumably applies to the eventual result of the standards effort, not to our current implementation.) *WebKit*: No signal (https://github.com/WebKit/standards-positions/issues/86 ) *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes Flag name on chrome://flagsCurrently none. Would be happy to re-implement the chrome://flags flag if it helps. Finch feature nameSanitizerAPI Requires code in //chrome?False Tracking bughttps://crbug.com/1428276 Estimated milestones Shipping on desktop 118 Shipping on Android 118 Shipping on WebView 118 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5115076981293056 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPPDHMN6e5C-KBGwkNWo2WiZ6Tq_8vy1Xp7%3DDXyQObV5Mw%40mail.gmail.com.
