I just had some clarifying questions On Wed, Feb 14, 2024 at 1:13 PM Joey Arhar <jar...@chromium.org> wrote:
> Some additional notes: > - This API is tested in the declarative ShadowDOM tests in interop2024, > and it is counting against us to not have it enabled by default. > - The future sanitization options will be added as an optional second > parameter to both methods, so there will not be any compat issues with > shipping now. > > On Wed, Feb 14, 2024 at 1:11 PM Joey Arhar <jar...@chromium.org> wrote: > >> Contact emailsjar...@chromium.org >> >> ExplainerNone >> > Is this the relevant explainer (referenced from the PR below): https://github.com/WICG/sanitizer-api/blob/main/explainer.md > >> >> Specificationhttps://html.spec.whatwg.org/C/#unsafe-html-parsing-methods >> https://github.com/whatwg/html/pull/9538 >> >> Summary >> >> The setHTMLUnsafe and parseHTMLUnsafe methods allow Declarative ShadowDOM >> to be used from javascript. In the future, they may also get new parameters >> for sanitization. >> >> >> Blink componentBlink>HTML >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EHTML> >> >> TAG reviewNone >> >> TAG review statusNot applicable >> > There seems to be consensus within browser vendors that this is a good idea, but I'm just wondering why you decided against filing TAG here? > >> >> Risks >> >> >> Interoperability and Compatibility >> >> None >> >> >> *Gecko*: No signal (https://bugzilla.mozilla.org/show_bug.cgi?id=1850675 >> ) https://github.com/whatwg/html/pull/9538#issuecomment-1728947778 >> > This seems positive, right? > >> >> *WebKit*: Positive (https://bugs.webkit.org/show_bug.cgi?id=261143) >> > I'm not sure how to read this properly, but is this a positive signal or "shipped/shipping" signal? > >> *Web developers*: No signals >> >> *Other signals*: >> >> Ergonomics >> >> This API will likely be used in tandem with Declarative ShadowDOM. The >> default usage of this API will not make it hard for chrome to maintain good >> performance. >> >> >> Activation >> >> It will not be challenging for developers to use this feature immediately. >> >> >> Security >> >> There are no security risks. This API just does declarative ShadowDOM. >> There is an "unsafe" in the name because there are future plans to add >> sanitization options. https://github.com/WICG/sanitizer-api/issues/185 >> https://github.com/whatwg/html/issues/8627 >> https://github.com/whatwg/html/issues/8759 >> >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> None >> >> >> Debuggability >> >> This API does not need any special DevTools features. You can call the >> method from the console panel. >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)?Yes >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?Yes >> >> Flag name on chrome://flagsHTMLUnsafeMethods >> >> Finch feature nameHTMLUnsafeMethods >> >> Requires code in //chrome?False >> >> Estimated milestones >> DevTrial on desktop 120 >> DevTrial on Android 120 >> >> Anticipated spec changes >> >> Open questions about a feature may be a source of future web compat or >> interop issues. Please list open issues (e.g. links to known github issues >> in the project for the feature specification) whose resolution may >> introduce web compat/interop risk (e.g., changing to naming or structure of >> the API in a non-backward-compatible way). >> None >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/6560361081995264 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK6btwJiEbhk_YGbVhuUg0emSJTfT%3D20_1bTDMFJxcH5i9tbMQ%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK6btwJiEbhk_YGbVhuUg0emSJTfT%3D20_1bTDMFJxcH5i9tbMQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2MH_fZddPf6c_QwhEP5JU767nEy1ck338Cx_HYFsytO4w%40mail.gmail.com.
