Oh, can you tick all the chromestatus boxes (maybe with N/A?)? On Tue, Jun 9, 2026 at 4:19 PM Yoav Weiss (@Shopify) <[email protected]> wrote:
> LGTM2 > > One could also argue that this is a non-web-exposed implementation change, > and as long as it's being carefully rolled out, it doesn't need API owner > approvals.. > > On Tue, Jun 9, 2026 at 4:14 PM Chris Harrelson <[email protected]> > wrote: > >> LGTM1 >> >> On Tue, Jun 9, 2026, 2:17 AM Dominik Röttsches <[email protected]> >> wrote: >> >>> *Contact emails* >>> [email protected] >>> >>> *Specification* >>> *https://www.w3.org/TR/xml/ <https://www.w3.org/TR/xml/>* >>> >>> *Summary* >>> Roll out the Rust XML parser for scenarios where we are certain that no >>> XSLT processing is required. The Rust XML parser improves security by >>> eliminating memory corruption bugs in XML parsing, it is intended to >>> replace our usage of libxml2 (written in C) with a safe alternative. We are >>> in the process of deprecating XSLT, see >>> https://chromestatus.com/feature/4709671889534976. >>> >>> While this process continues, we can already migrate to safe Rust XML >>> parsing in scenarios where no XSLT processing is required: >>> >>> 1. DOMParser Web API >>> 2. Accessing responseXML of XMLHttpRequest >>> 3. SVG Standalone Images (i.e. accessing a image.svg document >>> directly as a top level navigation) >>> 4. SVG external images (A main document embedding an SVG as an >>> external image resource). >>> >>> For enabling usage of safe XML parsing in scenarios 3 and 4, previously, >>> inline XSLT for the production of SVG was deprecated in: >>> https://chromestatus.com/feature/5143784390262784 >>> >>> >>> *Blink component* >>> Blink>DOM >>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EDOM%22> >>> >>> *Web Feature ID* >>> *No information provided* >>> >>> *Search tags* >>> xml <https://chromestatus.com/features#tags:xml>, security >>> <https://chromestatus.com/features#tags:security>, parsing >>> <https://chromestatus.com/features#tags:parsing>, parser >>> <https://chromestatus.com/features#tags:parser> >>> >>> *Risks* >>> >>> *Interoperability and Compatibility* >>> No interoperability risks, the new memory-safe implementation is >>> expected and shown to be functionally equivalent to the C++ based >>> implementation. No functional change. For performance considerations, see >>> ergonomics section. >>> >>> Two or three compatibility issues were identified during the experiment >>> phase and have been fixed. >>> >>> In the XML parsing Rust crate in upstream, as set of XML conformance >>> tests are run with a good pass rate of test suites, remaining test failures >>> in upstream were investigated and showed that the failures pertain to >>> functionality that we do not use (DTD parsing, for example), or are because >>> of conflicting specifications. >>> >>> A very low risk of previously unforeseen compatibility issues remains, >>> but I consider it unlikely. >>> >>> *Signals* >>> No browser vendor or developers signals were solicited as there is no >>> functional change or introduction of new API. >>> >>> *Ergonomics* >>> A 1% @ stable experiment was performed. Analysis of the >>> Blink.XMLParsing.NonXsltXmlParsingTime.Combined histogram confirms an >>> isolated parser performance regression. However, guard rail metrics are >>> unaffected on all relevant platforms. XML parsing becomes slower, more >>> evenly distributed across percentiles on Android between a regression of >>> 36% (50th percentile) and 54% (at the 99th percentile), whereas on Windows, >>> the regression is vastly more pronounced for longer parsing times, 23% at >>> the 25th percentile, to 74% at the 95th percentile, to 209% at the 99th >>> percentile. Still, in practice in absolute numbers we are talking about >>> parse times reaching only tens of milliseconds on Windows and Android. >>> >>> *Activation* >>> No change in behavior means no particular activation risks. >>> >>> *Security* >>> This change's main intention is to improve security. Almost all XML >>> parsing we perform will run through the Rust memory-safe parser. When XSLT >>> deprecation concludes, we can deactivate libxml2 XML parsing and move to >>> Rust XML parsing completely. >>> >>> *WebView application risks* >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> *No information provided* >>> >>> >>> *Debuggability* >>> No change in behavior means no particular activation risks. >>> >>> *Will this feature be supported on all six Blink platforms (Windows, >>> Mac, Linux, ChromeOS, Android, and Android WebView)?* >>> Yes >>> >>> *Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* >>> Yes >>> >>> *Tracking bug* >>> https://crbug.com/466303347 >>> >>> *Measurement* >>> No new behavior that would need adoption measurement. Usage of SVG as >>> external images remains high at about 60% for example, and will run through >>> this code path. >>> >>> *Estimated milestones* >>> Shipping on desktop 151 >>> Shipping on Android 151 >>> Shipping on WebView 151 >>> >>> *Link to entry on the Chrome Platform Status* >>> https://chromestatus.com/feature/5309598397497344 >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBvUpuf3UBfv6vFxfy-b1LW-fgBbaMk02w5heHDPqbS8dg%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBvUpuf3UBfv6vFxfy-b1LW-fgBbaMk02w5heHDPqbS8dg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_JjLmCZQ3NGtgivE0gsesNCrQnJcW6MiPkwrMEwKX39w%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw_JjLmCZQ3NGtgivE0gsesNCrQnJcW6MiPkwrMEwKX39w%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSLDyyo7EJFs2F%3D6LXWPqqmRugqrG_vpTLvt7zjdwRBr3w%40mail.gmail.com.
