Thanks! I updated the "Interoperability and Compatibility Risks" already on ChromeStatus. *--* *Cheers,* *Michał*
On Tue, May 13, 2025 at 7:47 PM Daniel Bratell <bratel...@gmail.com> wrote: > LGTM2 > > You left the Compatibility field empty which I don't think is accurate. > There is always a risk that sites depend on the exact output of a function > so please keep an eye open for any reported issues. > > /Daniel > On 2025-05-13 07:55, 'Michał Bentkowski' via blink-dev wrote: > > Thank you! > > I added the relevant information on ChromeStatus. > *--* > *Cheers,* > *Michał* > > > On Tue, May 13, 2025 at 7:39 AM Domenic Denicola <dome...@chromium.org> > wrote: > >> LGTM1, but please update the following bits on ChromeStatus: >> >> - Estimated milestones. This is important for ensuring developers >> have an accurate picture of when changes like this are rolling out. >> Especially if this will be a gradual rollout of some sort, or has >> previously been tested in a gradual manner, that information needs to be >> captured. >> - Interop and Compat impact: this definitely has compat impact. >> Please summarize how this can change the behavior of web pages, and why we >> believe it's safe. (You've done that elsewhere, but recording it in >> ChromeStatus is helpful as that's a source of data we consult looking >> backward.) >> >> >> >> On Tue, May 13, 2025 at 5:17 AM 'Michał Bentkowski' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> >>> Out of curiosity, which platforms will this not be supported on, and why? >>> >>> >>> Sorry, I put the wrong value there -- it will be supported on all >>> platforms. >>> >>> >>> Given that Firefox has implemented this (Nightly-only), as well as >>> Safari (not landed yet?), do we know why >>> https://github.com/whatwg/html/pull/6362 hasn't been merged yet? >>> >>> >>> Anne left a comment: "We should probably hold off until Chromium has >>> actually deployed this?" so I think that's the reason. >>> >>> >>> Thanks, >>> Alison >>> >>> On Friday, May 9, 2025 at 2:18:27 AM UTC-7 Chromestatus wrote: >>> >>> Contact emails secur...@google.com >>> >>> Explainer https://github.com/whatwg/html/issues/6235 >>> >>> Specification https://github.com/whatwg/html/issues/6235 >>> >>> Summary >>> >>> Escape "<" and ">" in values of attributes on serialization. This >>> mitigates the risk of mutation XSS attacks, which occur when value of an >>> attribute is interpreted as a start tag token after being serialized and >>> re-parsed. >>> >>> >>> Blink component Blink>HTML>Parser >>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EHTML%3EParser%22> >>> >>> TAG review Details are shared on >>> https://github.com/whatwg/html/issues/6235. The change was tested with >>> Finch, ending on 10% of Stable. No web compat risks were observed. The only >>> signal we got was that it broke a unit/e2e test which checked the exact >>> content of HTML generated by Chromium. >>> >>> TAG review status Not applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> None >>> >>> >>> *Gecko*: Positive ( >>> https://github.com/mozilla/standards-positions/issues/1209) >>> >>> *WebKit*: Positive (https://github.com/WebKit/WebKit/pull/44842) >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> None >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? No >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? Yes >>> >>> Flag name on about://flags enable-experimental-web-platform-features >>> >>> Finch feature name EscapeLtGtInAttributes >>> >>> Rollout plan Will ship enabled for all users >>> >>> Requires code in //chrome? False >>> >>> Estimated milestones >>> >>> No milestones specified >>> >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> None >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/6264983847174144?gate=5114900925644800 >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHamrfXTQ4390_BWE0mcyCsaiOGXN_eEddCBbGfnN3RCcXnB9A%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHamrfXTQ4390_BWE0mcyCsaiOGXN_eEddCBbGfnN3RCcXnB9A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHamrfVGActHxh78SVuj_4PDSwGtwYhb9sKGZELooe2QY2q6DA%40mail.gmail.com.
