LGTM1 On Tue, Jun 9, 2026, 2:17 AM Dominik Röttsches <[email protected]> wrote:
> *Contact emails* > [email protected] > > *Specification* > *https://www.w3.org/TR/xml/ <https://www.w3.org/TR/xml/>* > > *Summary* > Roll out the Rust XML parser for scenarios where we are certain that no > XSLT processing is required. The Rust XML parser improves security by > eliminating memory corruption bugs in XML parsing, it is intended to > replace our usage of libxml2 (written in C) with a safe alternative. We are > in the process of deprecating XSLT, see > https://chromestatus.com/feature/4709671889534976. > > While this process continues, we can already migrate to safe Rust XML > parsing in scenarios where no XSLT processing is required: > > 1. DOMParser Web API > 2. Accessing responseXML of XMLHttpRequest > 3. SVG Standalone Images (i.e. accessing a image.svg document directly > as a top level navigation) > 4. SVG external images (A main document embedding an SVG as an > external image resource). > > For enabling usage of safe XML parsing in scenarios 3 and 4, previously, > inline XSLT for the production of SVG was deprecated in: > https://chromestatus.com/feature/5143784390262784 > > > *Blink component* > Blink>DOM > <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EDOM%22> > > *Web Feature ID* > *No information provided* > > *Search tags* > xml <https://chromestatus.com/features#tags:xml>, security > <https://chromestatus.com/features#tags:security>, parsing > <https://chromestatus.com/features#tags:parsing>, parser > <https://chromestatus.com/features#tags:parser> > > *Risks* > > *Interoperability and Compatibility* > No interoperability risks, the new memory-safe implementation is expected > and shown to be functionally equivalent to the C++ based implementation. No > functional change. For performance considerations, see ergonomics section. > > Two or three compatibility issues were identified during the experiment > phase and have been fixed. > > In the XML parsing Rust crate in upstream, as set of XML conformance tests > are run with a good pass rate of test suites, remaining test failures in > upstream were investigated and showed that the failures pertain to > functionality that we do not use (DTD parsing, for example), or are because > of conflicting specifications. > > A very low risk of previously unforeseen compatibility issues remains, but > I consider it unlikely. > > *Signals* > No browser vendor or developers signals were solicited as there is no > functional change or introduction of new API. > > *Ergonomics* > A 1% @ stable experiment was performed. Analysis of the > Blink.XMLParsing.NonXsltXmlParsingTime.Combined histogram confirms an > isolated parser performance regression. However, guard rail metrics are > unaffected on all relevant platforms. XML parsing becomes slower, more > evenly distributed across percentiles on Android between a regression of > 36% (50th percentile) and 54% (at the 99th percentile), whereas on Windows, > the regression is vastly more pronounced for longer parsing times, 23% at > the 25th percentile, to 74% at the 95th percentile, to 209% at the 99th > percentile. Still, in practice in absolute numbers we are talking about > parse times reaching only tens of milliseconds on Windows and Android. > > *Activation* > No change in behavior means no particular activation risks. > > *Security* > This change's main intention is to improve security. Almost all XML > parsing we perform will run through the Rust memory-safe parser. When XSLT > deprecation concludes, we can deactivate libxml2 XML parsing and move to > Rust XML parsing completely. > > *WebView application risks* > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > *No information provided* > > > *Debuggability* > No change in behavior means no particular activation risks. > > *Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, ChromeOS, Android, and Android WebView)?* > Yes > > *Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* > Yes > > *Tracking bug* > https://crbug.com/466303347 > > *Measurement* > No new behavior that would need adoption measurement. Usage of SVG as > external images remains high at about 60% for example, and will run through > this code path. > > *Estimated milestones* > Shipping on desktop 151 > Shipping on Android 151 > Shipping on WebView 151 > > *Link to entry on the Chrome Platform Status* > https://chromestatus.com/feature/5309598397497344 > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBvUpuf3UBfv6vFxfy-b1LW-fgBbaMk02w5heHDPqbS8dg%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBvUpuf3UBfv6vFxfy-b1LW-fgBbaMk02w5heHDPqbS8dg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_JjLmCZQ3NGtgivE0gsesNCrQnJcW6MiPkwrMEwKX39w%40mail.gmail.com.
