LGTM2

You left the Compatibility field empty which I don't think is accurate. There is always a risk that sites depend on the exact output of a function so please keep an eye open for any reported issues.

/Daniel

On 2025-05-13 07:55, 'Michał Bentkowski' via blink-dev wrote:
Thank you!

I added the relevant information on ChromeStatus.
--
Cheers,
Michał


On Tue, May 13, 2025 at 7:39 AM Domenic Denicola <dome...@chromium.org> wrote:

    LGTM1, but please update the following bits on ChromeStatus:

      * Estimated milestones. This is important for ensuring
        developers have an accurate picture of when changes like this
        are rolling out. Especially if this will be a gradual rollout
        of some sort, or has previously been tested in a gradual
        manner, that information needs to be captured.
      * Interop and Compat impact: this definitely has compat impact.
        Please summarize how this can change the behavior of web
        pages, and why we believe it's safe. (You've done that
        elsewhere, but recording it in ChromeStatus is helpful as
        that's a source of data we consult looking backward.)



    On Tue, May 13, 2025 at 5:17 AM 'Michał Bentkowski' via blink-dev
    <blink-dev@chromium.org> wrote:


            Out of curiosity, which platforms will this not be
            supported on, and why?


        Sorry, I put the wrong value there -- it will be supported on
        all platforms.

            Given that Firefox has implemented this (Nightly-only), as
            well as Safari (not landed yet?), do we know why
            https://github.com/whatwg/html/pull/6362 hasn't been
            merged yet?


        Anne left a comment: "We should probably hold off until
        Chromium has actually deployed this?" so I think that's the
        reason.


            Thanks,
            Alison

            On Friday, May 9, 2025 at 2:18:27 AM UTC-7 Chromestatus wrote:

                Contact emails secur...@google.com

                Explainer https://github.com/whatwg/html/issues/6235

                Specification https://github.com/whatwg/html/issues/6235

                Summary

                Escape "<" and ">" in values of attributes on
                serialization. This mitigates the risk of mutation XSS
                attacks, which occur when the value of an attribute is
                interpreted as a start tag token after being
                serialized and re-parsed.



                Blink component Blink>HTML>Parser
                <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EHTML%3EParser%22>


                TAG review Details are shared on
                https://github.com/whatwg/html/issues/6235. The change
                was tested with Finch, ending on 10% of Stable. No web
                compat risks were observed. The only signal we got was
                that it broke a unit/e2e test which checked the exact
                content of HTML generated by Chromium.

                TAG review status Not applicable

                Risks


                Interoperability and Compatibility

                None



                /Gecko/: Positive
                (https://github.com/mozilla/standards-positions/issues/1209)


                /WebKit/: Positive
                (https://github.com/WebKit/WebKit/pull/44842)

                /Web developers/: No signals

                /Other signals/:

                WebView application risks

                Does this intent deprecate or change behavior of
                existing APIs, such that it has potentially high risk
                for Android WebView-based applications?

                None



                Debuggability

                None



                Will this feature be supported on all six Blink
                platforms (Windows, Mac, Linux, ChromeOS, Android, and
                Android WebView)? No

                Is this feature fully tested by web-platform-tests
                <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
                Yes

                Flag name on about://flags
                enable-experimental-web-platform-features

                Finch feature name EscapeLtGtInAttributes

                Rollout plan Will ship enabled for all users

                Requires code in //chrome? False

                Estimated milestones

                No milestones specified



                Anticipated spec changes

                Open questions about a feature may be a source of
                future web compat or interop issues. Please list open
                issues (e.g. links to known github issues in the
                project for the feature specification) whose
                resolution may introduce web compat/interop risk
                (e.g., changing to naming or structure of the API in a
                non-backward-compatible way).

                None

                Link to entry on the Chrome Platform Status
                https://chromestatus.com/feature/6264983847174144?gate=5114900925644800


                This intent message was generated by Chrome Platform
                Status <https://chromestatus.com>.

-- You received this message because you are subscribed to the
        Google Groups "blink-dev" group.
        To unsubscribe from this group and stop receiving emails from
        it, send an email to blink-dev+unsubscr...@chromium.org.
        To view this discussion visit
        
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org
        
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org?utm_medium=email&utm_source=footer>.
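
The serialization change summarized in the quoted intent, and the compatibility point raised in the replies about code that depends on exact serialized output, as an added example (not Chromium's code and not part of the thread). The function names and the sample attribute value are constructed for illustration; the escaping of `&`, U+00A0 and `"` follows the HTML fragment serialization rules for attribute values.

```javascript
// Escape an attribute value for serialization.
// escapeLtGt=false models the earlier behaviour (only &, U+00A0 and " are
// escaped); escapeLtGt=true additionally escapes < and >.
function escapeAttrValue(value, escapeLtGt) {
  let out = value
    .replace(/&/g, "&amp;")
    .replace(/\u00A0/g, "&nbsp;")
    .replace(/"/g, "&quot;");
  if (escapeLtGt) {
    out = out.replace(/</g, "&lt;").replace(/>/g, "&gt;");
  }
  return out;
}

// Serialize a start tag from a tag name and ordered [name, value] pairs.
function serializeStartTag(tagName, attrs, escapeLtGt) {
  const parts = attrs.map(([n, v]) => ` ${n}="${escapeAttrValue(v, escapeLtGt)}"`);
  return `<${tagName}${parts.join("")}>`;
}

// Decode the references the serializer above can emit, as a parser would
// when reading the attribute value back. &amp; is decoded last so that an
// escaped "&lt;" in the original value is not decoded twice.
function decodeAttrValue(text) {
  return text
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&nbsp;/g, "\u00A0")
    .replace(/&amp;/g, "&");
}

// Return the double-quoted attribute values in serialized markup that still
// contain a raw "<" or ">", i.e. text a later re-parse could tokenize as markup.
function attrValuesWithRawAngles(markup) {
  const hits = [];
  for (const m of markup.matchAll(/="([^"]*)"/g)) {
    if (/[<>]/.test(m[1])) hits.push(m[1]);
  }
  return hits;
}

// Constructed sample value, benign on purpose.
const SAMPLE = 'x < y > z & "q"';
const before = serializeStartTag("div", [["title", SAMPLE]], false);
const after = serializeStartTag("div", [["title", SAMPLE]], true);
console.log(before); // serialized string differs from `after` ...
console.log(after);  // ... but both decode to the same attribute value
```

Tests that compare serialized HTML strings byte for byte see a difference between the two outputs, while comparisons of the parsed attribute value do not.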

