I think it's fine to consider removing the current API given usage is extremely low, and if there is a more plausible path to interoperability via a new version.
Is there consensus on a new API shape yet, or is that an open discussion? On Fri, Aug 11, 2023 at 7:45 AM 'Daniel Vogelheim' via blink-dev < [email protected]> wrote: > Hi Alex, > > On Mon, Aug 7, 2023 at 8:13 PM Alex Russell <[email protected]> > wrote: > >> Hey Daniel, >> >> Hrm, this isn't how things are supposed to work. >> >> The API OWNERS set a high bar to ship exactly to prevent this sort of >> bikeshedding after shipping. Is it possible to make compatible additions >> instead? >> > > I agree that this isn't how things are supposed to work, and I certainly > didn't plan it this way. The Sanitizer launch in 105 was based on the > then-current spec. The feedback we have gotten since is that there are > blocking concerns with that API. We worked through them and landed on a > different API shape, which other engines now seem committed to. They're > unwilling to support the old API. > > It would be possible for Blink to add the new APIs in addition to the old, > and to retain backwards compatibility. However, given that no other engine > is likely to support the old APIs as well, it was recommended to me to not > do that. The main argument is the impact on the developer community: Are we > helping developers by supporting an API shape that has little current usage > and is highly unlikely to see a second implementation? > > I'm happy to follow whatever API Owners recommend: What I'm asking for > here is to retire the current API before adding the new one. The > alternative would be to retain the existing API and implement the new one > on top of it. Either way can work. > > >> Best, >> >> Alex >> >> On Monday, August 7, 2023 at 6:35:16 AM UTC-7 Daniel Vogelheim wrote: >> >>> Contact [email protected] >>> >>> Explainer >>> >>> - Old explainer, API as implemented in "MVP" since M105: >>> >>> https://github.com/WICG/sanitizer-api/blob/e72b56b361a31b722b4e14491a83e2d25943ba58/explainer.md >>> - New explainer, still in progress, API that we expect to implement >>> eventually: >>> https://github.com/WICG/sanitizer-api/blob/main/explainer.md >>> >>> >>> Specificationhttps://github.com/WICG/sanitizer-api >>> >>> Summary >>> >>> The Sanitizer API (https://chromestatus.com/feature/5786893650231296) >>> aims to build an easy-to-use, always secure, browser-maintained HTML >>> sanitizer into the platform. It is a cross-browser standardization effort >>> starting in Q2/2020. We shipped an initial version of the Sanitizer API in >>> M105, based on the then-current specification draft. However, the >>> discussion has meanwhile moved on and the proposed API shape has changed >>> substantially. In order to prevent the current API from becoming entrenched >>> we would like to remove the current implementation. We expect to >>> re-implement the Sanitizer API when the proposed specification stabilizes >>> again. >>> >>> >>> Blink componentBlink>SecurityFeature>SanitizerAPI >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ESanitizerAPI> >>> >>> Motivation >>> >>> Since the final version of the standard will look different from our >>> initial implementation, the goal is to prevent an API from becoming >>> entrenched. According to use counters, the Sanitizer API is currently used >>> on 0.000000492 % of page visits. >>> >>> Initial public proposalNone >>> >>> TAG reviewNone >>> >>> TAG review statusNot applicable >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> Sanitizer API is currently used on 0.000000492% of page visits. Since >>> presently no other browser supports this API (in any release version) we >>> expect the compatibility impact to be negligible. >>> >>> >>> *Gecko*: Positive ( >>> https://mozilla.github.io/standards-positions/#sanitizer-api) (Note >>> that the Firefox position presumably applies to the eventual result of the >>> standards effort, not to our current implementation.) >>> >>> *WebKit*: No signal ( >>> https://github.com/WebKit/standards-positions/issues/86) >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ?Yes >>> >>> Flag name on chrome://flagsCurrently none. Would be happy to >>> re-implement the chrome://flags flag if it helps. >>> >>> Finch feature nameSanitizerAPI >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://crbug.com/1428276 >>> >>> Estimated milestones >>> Shipping on desktop 118 >>> Shipping on Android 118 >>> Shipping on WebView 118 >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/5115076981293056 >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPN-OU7ZxZ-Zu2D0Ni3RDwpDSGmvZyaUt-JQxkUAsO1hTA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPN-OU7ZxZ-Zu2D0Ni3RDwpDSGmvZyaUt-JQxkUAsO1hTA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_1_eXdBYQQycPnsMoUaH4o_%2BFttKi8BTEXxzZPA_2Org%40mail.gmail.com.
