LGTM2 On Fri, Aug 9, 2024 at 1:19 AM Domenic Denicola <dome...@chromium.org> wrote:
> I'm very excited to see this work proceeding and am looking forward to > being able to LGTM. A few requests before we get there: > > - From what I understand we still won't be spec-compliant > for android:, drivefs:, steam:, chromeos-steam:, and materialized-view:. > Can you add failing web platform tests for all of those cases, to ensure > that we capture this non-compliance? > - I don't understand the role of the scheme registry after we ship > this change. What will it do? The doc says "(TBD) Remove the Scheme > Registry. This can be yet another non-trivial project. This document does > not cover this task." Are there still web-exposed behaviors between > non-registered and registered schemes? Is there a danger that people will > add more schemes to the registry and cause URL parsing to change? Or is > this purely about code cleanup as after this change the scheme registry is > a no-op? > - In general it would be great to have a section of the doc covering > future work, such as fixing those exceptional schemes, removing the scheme > registry, and anything else that you have in mind. In particular I'm > interested in which of these future work projects have compat impacts so we > can know how web developers might see URL parsing change in the future. > > > > > On Fri, Aug 9, 2024 at 4:28 PM Hayato Ito <hay...@chromium.org> wrote: > >> I've added a new section, "Compatibility Risks >> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.kb3fb29h4kax>", >> to the doc, organizing the content more clearly. >> >> Thanks! >> >> On Fri, Aug 9, 2024 at 3:03 PM Yoav Weiss (@Shopify) < >> yoavwe...@chromium.org> wrote: >> >>> Thanks for working on this!! >>> >>> On Thu, Aug 8, 2024 at 10:09 AM Hayato Ito <hay...@chromium.org> wrote: >>> >>>> Contact emails >>>> >>>> hay...@chromium.org >>>> >>>> Explainer >>>> >>>> http://bit.ly/url-non-special >>>> >>>> Specification >>>> >>>> https://url.spec.whatwg.org/ <https://url.spec.whatwg.org/#url-parsing> >>>> >>>> Summary >>>> >>>> Support non-special scheme URLs. >>>> >>>> Previously, Chromium's URL parser didn't handle non-special scheme URLs >>>> properly. It treated these URLs as “opaque paths”, which didn’t align with >>>> the URL Standard. >>>> >>>> Now, Chromium’s URL parser correctly processes non-special URLs. >>>> >>>> Examples: >>>> >>>> Before: >>>> >>>> > const url = new URL("git://host/path"); >>>> >>>> > url.host >>>> >>>> "" >>>> >>>> > url.pathname >>>> >>>> "//host/path" >>>> >>>> > url.host = "newhost"; >>>> >>>> > url.host >>>> >>>> "" >>>> >>>> > const url = new URL("git://a b/path"); >>>> >>>> > url.pathname >>>> >>>> "//a b/path" >>>> >>>> >>>> After: >>>> >>>> > const url = new URL("git://host/path"); >>>> >>>> > url.host >>>> >>>> "host" >>>> >>>> > url.pathname >>>> >>>> "/path" >>>> >>>> > url.host = "newhost"; >>>> >>>> > url.host >>>> >>>> "newhost" >>>> >>>> > url.href >>>> >>>> "git://newhost/path" >>>> >>>> > const url = new URL("git://a b/path"); >>>> >>>> => throws Exception. // A space character is not allowed as a hostname. >>>> >>>> See http://bit.ly/url-non-special for more details. >>>> >>>> >>>> As part of our Interop 2024 efforts, this change delivers the following >>>> improvements: >>>> >>>> - >>>> >>>> Boosts WPT URL Score: 936 previously failing subtests in the WPT >>>> URL tests (link >>>> >>>> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.ji1rj1k19sgh>) >>>> now pass, raising the score from 87.0% to 94.7%. >>>> - >>>> >>>> Fixes code relying on incorrect URL behavior: 527 tests (link >>>> >>>> <https://docs.google.com/spreadsheets/d/1Pqw1iKXK_lxHj-kLIAeRFs-khFz-BPZDio1W7SgEVE4/edit?usp=sharing>) >>>> and related code in Chromium that depended on the previous behavior are >>>> now >>>> fixed or mitigated, including: >>>> - >>>> >>>> Web tests that relied on non-compliant non-special URL behavior >>>> (e.g. “javascript://a b” URL) >>>> - >>>> >>>> Non-special schemes used internally by Chromium code base, >>>> including ChromeOS (e.g. “steam:”, “materialized-view://”, >>>> “cros-apps://”) >>>> >>>> >>>> >>>> Blink component >>>> >>>> Internals>Network >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork> >>>> >>>> TAG review >>>> >>>> Not applicable >>>> >>>> Risks >>>> >>>> Interoperability and Compatibility >>>> >>>> Since Safari and Firefox already support non-special scheme URLs, the >>>> likelihood of public websites breaking due to this change is likely low. >>>> See here >>>> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0> >>>> for a rough estimation of the non-special scheme URL usages. >>>> >>> >>> Any particular section in that doc that talks through or estimates the >>> compat risk? >>> >>> >>>> >>>> Gecko: Shipped >>>> >>>> WebKit: Shipped >>>> >>>> Web developers: Generally seems positive. >>>> >>>> Some signals (from interop 2024 discussions >>>> <https://github.com/web-platform-tests/interop/issues/424>) are: >>>> >>>> - >>>> >>>> > Confusion because URL parsers across Blink, Gecko, WebKit, Node, >>>> and Deno do not interop well. The root cause is nearly always parser >>>> bugs >>>> in Blink or Gecko: >>>> https://twitter.com/oleg008/status/1699087223751073883 >>>> >>>> >>>> - >>>> >>>> > URL is very widely used - custom schemes are commonly used for >>>> links to native apps, or when dealing with developer tooling like >>>> databases. They may also become exceedingly more common with import >>>> maps. >>>> >>>> >>>> Other potential risks and assessments: >>>> >>>> >>>> - >>>> >>>> Enterprise usage: It's difficult to predict how non-special URLs >>>> are used in the wild, especially by enterprise customers with in-house >>>> apps. While adding an Enterprise Policy was considered to mitigate >>>> risks, >>>> technical limitations make it difficult to support URLs. See >>>> http://bit.ly/url-non-special for more info. We'll disable the >>>> feature with Finch (StandardCompliantNonSpecialSchemeURLParsing flag) in >>>> case this causes serious issues. >>>> - >>>> >>>> Impacts on well-known non-special schemes: See here >>>> >>>> <https://docs.google.com/document/d/1LjxHl32fE4tCKugrK_PIso7mfXQVEeoD1wSnX2y0ZU8/edit?resourcekey=0-d1gP4X2sG7GPl9mlTeptIA&tab=t.0#heading=h.k3rirdjyomw6> >>>> for the impacts on “javascript://”, “data:”, and so on. >>>> - >>>> >>>> Impacts on dependent components: This change affects components >>>> relying on URL behavior, like Origin >>>> <https://url.spec.whatwg.org/#origin>. See the Security section >>>> below. >>>> >>>> >>>> >>>> Security >>>> >>>> In Chromium, GURL, KURL, and web-facing URL APIs share the common URL >>>> parser backends, which reside in //url. As a result, this web-facing change >>>> will also affect core components like url::Origin, kurl::SecurityOrigin. >>>> >>>> For detailed information on how url::Origin, kurl::SecurityOrigin, and >>>> web-facing url.origin are impacted, please refer to this CL’s >>>> description >>>> <https://chromium-review.googlesource.com/c/chromium/src/+/5309015>. >>>> >>>> TL;DR. This is a complex issue due to historical reasons. While most >>>> components remain unaffected, there are some nuances, particularly >>>> regarding the “Android WebView Hack”. We’ve preserved the current Origin >>>> behavior for Android WebView. >>>> >>>> WebView application risks >>>> >>>> Beyond the aforementioned "Android WebView Hack", there are no other >>>> changes specific to WebView. >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>> >>>> Yes. >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ? >>>> >>>> Yes (dashboard >>>> <https://wpt.fyi/results/url?label=master&label=experimental&product=chrome&product=firefox&product=safari&aligned&view=interop&q=label%3Ainterop-2023-url> >>>> ) >>>> >>>> Flag name >>>> >>>> StandardCompliantNonSpecialSchemeURLParsing >>>> >>>> Requires code in //chrome? >>>> >>>> False >>>> >>>> Tracking bug >>>> >>>> https://crbug.com/1416006 >>>> >>>> Estimated milestones >>>> >>>> M130 >>>> >>>> Link to entry on the Chrome Platform Status >>>> >>>> https://chromestatus.com/feature/5201116810182656 >>>> >>>> Links to previous Intent discussions >>>> >>>> Previous I2S >>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/wYuPrIQzDTA/m/uoL4bXR2BgAJ>. >>>> The previous I2S mail was sent last year but please consider this >>>> intent to ship as a new one. >>>> >>>> >>>> -- >>>> Hayato >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1_R%3D%2BHXYgTCuLD_WGR0foLKVnxAU9am1QbHyAZ%3D%2B3Ohw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >> >> -- >> Hayato >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1%3D48YmdprXVdy_3SWRqneFFcy6BRuaw_w%2BxvrjyAc2CA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_1%3D48YmdprXVdy_3SWRqneFFcy6BRuaw_w%2BxvrjyAc2CA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra9m1qFkKLjKPu3B-fQMtvf0acXo3YGhZTWGeQcAgh-MVg%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra9m1qFkKLjKPu3B-fQMtvf0acXo3YGhZTWGeQcAgh-MVg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9p8_a308ju2BwjGkx40MBud-QWMZuHd8W9CaCABjY8pQ%40mail.gmail.com.
