I've added a new section, "Compatibility Risks <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.kb3fb29h4kax>", to the doc, organizing the content more clearly.
Thanks! On Fri, Aug 9, 2024 at 3:03 PM Yoav Weiss (@Shopify) <yoavwe...@chromium.org> wrote: > Thanks for working on this!! > > On Thu, Aug 8, 2024 at 10:09 AM Hayato Ito <hay...@chromium.org> wrote: > >> Contact emails >> >> hay...@chromium.org >> >> Explainer >> >> http://bit.ly/url-non-special >> >> Specification >> >> https://url.spec.whatwg.org/ <https://url.spec.whatwg.org/#url-parsing> >> >> Summary >> >> Support non-special scheme URLs. >> >> Previously, Chromium's URL parser didn't handle non-special scheme URLs >> properly. It treated these URLs as “opaque paths”, which didn’t align with >> the URL Standard. >> >> Now, Chromium’s URL parser correctly processes non-special URLs. >> >> Examples: >> >> Before: >> >> > const url = new URL("git://host/path"); >> >> > url.host >> >> "" >> >> > url.pathname >> >> "//host/path" >> >> > url.host = "newhost"; >> >> > url.host >> >> "" >> >> > const url = new URL("git://a b/path"); >> >> > url.pathname >> >> "//a b/path" >> >> >> After: >> >> > const url = new URL("git://host/path"); >> >> > url.host >> >> "host" >> >> > url.pathname >> >> "/path" >> >> > url.host = "newhost"; >> >> > url.host >> >> "newhost" >> >> > url.href >> >> "git://newhost/path" >> >> > const url = new URL("git://a b/path"); >> >> => throws Exception. // A space character is not allowed as a hostname. >> >> See http://bit.ly/url-non-special for more details. >> >> >> As part of our Interop 2024 efforts, this change delivers the following >> improvements: >> >> - >> >> Boosts WPT URL Score: 936 previously failing subtests in the WPT URL >> tests (link >> >> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.ji1rj1k19sgh>) >> now pass, raising the score from 87.0% to 94.7%. >> - >> >> Fixes code relying on incorrect URL behavior: 527 tests (link >> >> <https://docs.google.com/spreadsheets/d/1Pqw1iKXK_lxHj-kLIAeRFs-khFz-BPZDio1W7SgEVE4/edit?usp=sharing>) >> and related code in Chromium that depended on the previous behavior are >> now >> fixed or mitigated, including: >> - >> >> Web tests that relied on non-compliant non-special URL behavior >> (e.g. “javascript://a b” URL) >> - >> >> Non-special schemes used internally by Chromium code base, >> including ChromeOS (e.g. “steam:”, “materialized-view://”, >> “cros-apps://”) >> >> >> >> Blink component >> >> Internals>Network >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork> >> >> TAG review >> >> Not applicable >> >> Risks >> >> Interoperability and Compatibility >> >> Since Safari and Firefox already support non-special scheme URLs, the >> likelihood of public websites breaking due to this change is likely low. >> See here >> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0> >> for a rough estimation of the non-special scheme URL usages. >> > > Any particular section in that doc that talks through or estimates the > compat risk? > > >> >> Gecko: Shipped >> >> WebKit: Shipped >> >> Web developers: Generally seems positive. >> >> Some signals (from interop 2024 discussions >> <https://github.com/web-platform-tests/interop/issues/424>) are: >> >> - >> >> > Confusion because URL parsers across Blink, Gecko, WebKit, Node, >> and Deno do not interop well. The root cause is nearly always parser bugs >> in Blink or Gecko: >> https://twitter.com/oleg008/status/1699087223751073883 >> >> >> - >> >> > URL is very widely used - custom schemes are commonly used for >> links to native apps, or when dealing with developer tooling like >> databases. They may also become exceedingly more common with import maps. >> >> >> Other potential risks and assessments: >> >> >> - >> >> Enterprise usage: It's difficult to predict how non-special URLs are >> used in the wild, especially by enterprise customers with in-house apps. >> While adding an Enterprise Policy was considered to mitigate risks, >> technical limitations make it difficult to support URLs. See >> http://bit.ly/url-non-special for more info. We'll disable the >> feature with Finch (StandardCompliantNonSpecialSchemeURLParsing flag) in >> case this causes serious issues. >> - >> >> Impacts on well-known non-special schemes: See here >> >> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.k3rirdjyomw6> >> for the impacts on “javascript://”, “data:”, and so on. >> - >> >> Impacts on dependent components: This change affects components >> relying on URL behavior, like Origin >> <https://url.spec.whatwg.org/#origin>. See the Security section below. >> >> >> >> Security >> >> In Chromium, GURL, KURL, and web-facing URL APIs share the common URL >> parser backends, which reside in //url. As a result, this web-facing change >> will also affect core components like url::Origin, kurl::SecurityOrigin. >> >> For detailed information on how url::Origin, kurl::SecurityOrigin, and >> web-facing url.origin are impacted, please refer to this CL’s description >> <https://chromium-review.googlesource.com/c/chromium/src/+/5309015>. >> >> TL;DR. This is a complex issue due to historical reasons. While most >> components remain unaffected, there are some nuances, particularly >> regarding the “Android WebView Hack”. We’ve preserved the current Origin >> behavior for Android WebView. >> >> WebView application risks >> >> Beyond the aforementioned "Android WebView Hack", there are no other >> changes specific to WebView. >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)? >> >> Yes. >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> Yes (dashboard >> <https://wpt.fyi/results/url?label=master&label=experimental&product=chrome&product=firefox&product=safari&aligned&view=interop&q=label%3Ainterop-2023-url> >> ) >> >> Flag name >> >> StandardCompliantNonSpecialSchemeURLParsing >> >> Requires code in //chrome? >> >> False >> >> Tracking bug >> >> https://crbug.com/1416006 >> >> Estimated milestones >> >> M130 >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5201116810182656 >> >> Links to previous Intent discussions >> >> Previous I2S >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/wYuPrIQzDTA/m/uoL4bXR2BgAJ>. >> The previous I2S mail was sent last year but please consider this intent >> to ship as a new one. >> >> >> -- >> Hayato >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- Hayato -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1%3D48YmdprXVdy_3SWRqneFFcy6BRuaw_w%2BxvrjyAc2CA%40mail.gmail.com.
