Thanks, that's a good question I think currently the WG wants to be
consistent and follow SVG/HTML. Meng Tan opened an issue in the spec
repo for discussion: https://github.com/w3c/mathml-core/issues/333
If they decide to support javascript: URL: we should make sure the same
mitigation as for HTML/SVG exists and are covered by tests (e.g.
handling by the sanitizer API or trusted types spec).
Le 23/06/2026 à 19:28, 'Daniel Vogelheim' via blink-dev a écrit :
Hi,
Will this support navigating to javascript:-URLs?
Navigating to javascript:-URLs is an existing mis-feature in the
platform, which will execute the given script in the context of the
current document and is a popular XSS gadget. Your intent mentions
"consistent link handling across HTML, SVG, and MathML", which would
suggest to me that javascript:-URLs are supported. But then, I can't
find any definite statement for or against in the intent.
From a security perspective it'd be better to drop javascript:-URLs;
however, this would admittedly come at the expense of consistency.
On Wed, Jun 17, 2026 at 7:50 AM tannal <[email protected]> wrote:
Contact emails
[email protected]
Explainer
https://people.igalia.com/fwang/mathml-a-href
Specification
https://w3c.github.io/mathml-core/#the-a-element
Design docs
None
Summary
Introduces the <a> element within the MathML namespace exposed via
the new MathMLAnchorElement WebIDL interface which inherits from
MathMLElement. This feature aligns MathML hyperlink capabilities
with HTMLAnchorElement and SVGAElement to ensure consistent link
handling across HTML, SVG, and MathML.
Blink component
Blink>MathML
Web Feature ID
Missing feature
Motivation
Linking is an important web feature and support is highly desired
for MathML (e.g. to be able to create links on different parts of
a mathematical expression). In the past, href was supported on all
MathML elements to allow that (in MathML2 in the XLink namespace,
and in MathML3 the default namespace) but some concerns were
raised this was a bit too intrusive, because we have to do privacy
mitigation ( https://github.com/w3c/mathml-core/issues/142 ),
handle it specially in the the sanitizer API. We need a new <a>
element for MathML to enable hyperlinks in mathematical expression
Initial public proposal
https://github.com/w3c/mathml-core/pull/307
Goals for experimentation
None
Requires code in //chrome?
False
Tracking bug
https://issues.chromium.org/u/1/issues/510487697
Estimated milestones
No milestones specified
Anticipated spec changes
Open questions about a feature may be a source of future web
compat or interop issues. Please list open issues (e.g. links to
known github issues in the project for the feature specification)
whose resolution may introduce web compat/interop risk (e.g.,
changing to naming or structure of the API in a
non-backward-compatible way).
https://github.com/w3c/mathml-core/issues/142
https://github.com/w3c/mathml-core/pull/307
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6543819626643456?gate=6269974827106304
This intent message was generated by Chrome Platform Status. --
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/398b6ab3-d82d-4600-ab3d-cdc98761c39en%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/398b6ab3-d82d-4600-ab3d-cdc98761c39en%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPM8DSi4y3ZY-xeYQdR%3DEXDoqKT3Q1koxzXem%2BfzW3Mwgw%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPM8DSi4y3ZY-xeYQdR%3DEXDoqKT3Q1koxzXem%2BfzW3Mwgw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b5d9ad91-8342-4858-a9c4-87c9bea21cae%40igalia.com.
