Enterprises tend not to run beta-channel. They also tend to turn off metrics and crash reporting. A slow rollout as Alex is suggesting will hopefully catch issues early but we also need to be ready to react to urgent regressions as this reaches 100% on stable-channel. Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome <https://www.google.com/chrome>
On Tue, May 13, 2025 at 8:40 PM 'Michał Bentkowski' via blink-dev < blink-dev@chromium.org> wrote: > The experiment was also enabled on 50% of Beta. Wouldn't that catch > potential Enterprise breakages? > > On Tuesday, May 13, 2025 at 8:25:44 PM UTC+2 Alex Russell wrote: > >> LGTM3 with the caveat that we likely have risks to enterprise apps that >> wouldn't have been visible from the 10% Finch experiement, and so we should >> do this on-by-default in Beta for most of a cycle, and make sure that we >> have a kill-switch in place in case of potential enterprise breakage in >> Stable. >> >> Best, >> >> Alex >> >> On Tuesday, May 13, 2025 at 10:49:45 AM UTC-7 Michał Bentkowski wrote: >> >>> Thanks! I updated the "Interoperability and Compatibility Risks" already >>> on ChromeStatus. >>> *--* >>> *Cheers,* >>> *Michał* >>> >>> >>> On Tue, May 13, 2025 at 7:47 PM Daniel Bratell <brat...@gmail.com> >>> wrote: >>> >> LGTM2 >>>> >>>> You left the Compatibility field empty which I don't think is accurate. >>>> There is always a risk that sites depend on the exact output of a function >>>> so please keep an eye open for any reported issues. >>>> >>>> /Daniel >>>> On 2025-05-13 07:55, 'Michał Bentkowski' via blink-dev wrote: >>>> >>> Thank you! >>>> >>>> I added the relevant information on ChromeStatus. >>>> *--* >>>> *Cheers,* >>>> *Michał* >>>> >>>> >>>> On Tue, May 13, 2025 at 7:39 AM Domenic Denicola <dom...@chromium.org> >>>> wrote: >>>> >>>> LGTM1, but please update the following bits on ChromeStatus: >>>>> >>>>> - Estimated milestones. This is important for ensuring developers >>>>> have an accurate picture of when changes like this are rolling out. >>>>> Especially if this will be a gradual rollout of some sort, or has >>>>> previously been tested in a gradual manner, that information needs to >>>>> be >>>>> captured. >>>>> - Interop and Compat impact: this definitely has compat impact. >>>>> Please summarize how this can change the behavior of web pages, and >>>>> why we >>>>> believe it's safe. (You've done that elsewhere, but recording it in >>>>> ChromeStatus is helpful as that's a source of data we consult looking >>>>> backward.) >>>>> >>>>> >>>>> >>>>> On Tue, May 13, 2025 at 5:17 AM 'Michał Bentkowski' via blink-dev < >>>>> blin...@chromium.org> wrote: >>>>> >>>> >>>>>> Out of curiosity, which platforms will this not be supported on, and >>>>>> why? >>>>>> >>>>>> >>>>>> Sorry, I put the wrong value there -- it will be supported on all >>>>>> platforms. >>>>>> >>>>>> >>>>>> Given that Firefox has implemented this (Nightly-only), as well as >>>>>> Safari (not landed yet?), do we know why >>>>>> https://github.com/whatwg/html/pull/6362 hasn't been merged yet? >>>>>> >>>>>> >>>>>> Anne left a comment: "We should probably hold off until Chromium has >>>>>> actually deployed this?" so I think that's the reason. >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Alison >>>>>> >>>>>> On Friday, May 9, 2025 at 2:18:27 AM UTC-7 Chromestatus wrote: >>>>>> >>>>>> Contact emails secur...@google.com >>>>>> >>>>>> Explainer https://github.com/whatwg/html/issues/6235 >>>>>> >>>>>> Specification https://github.com/whatwg/html/issues/6235 >>>>>> >>>>>> Summary >>>>>> >>>>>> Escape "<" and ">" in values of attributes on serialization. This >>>>>> mitigates the risk of mutation XSS attacks, which occur when value of an >>>>>> attribute is interpreted as a start tag token after being serialized and >>>>>> re-parsed. >>>>>> >>>>>> >>>>>> Blink component Blink>HTML>Parser >>>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EHTML%3EParser%22> >>>>>> >>>>>> TAG review Details are shared on >>>>>> https://github.com/whatwg/html/issues/6235. The change was tested >>>>>> with Finch, ending on 10% of Stable. No web compat risks were observed. >>>>>> The >>>>>> only signal we got was that it broke a unit/e2e test which checked the >>>>>> exact content of HTML generated by Chromium. >>>>>> >>>>>> TAG review status Not applicable >>>>>> >>>>>> Risks >>>>>> >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> *Gecko*: Positive ( >>>>>> https://github.com/mozilla/standards-positions/issues/1209) >>>>>> >>>>>> *WebKit*: Positive (https://github.com/WebKit/WebKit/pull/44842) >>>>>> >>>>>> *Web developers*: No signals >>>>>> >>>>>> *Other signals*: >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> Debuggability >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? No >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ? Yes >>>>>> >>>>>> Flag name on about://flags enable-experimental-web-platform-features >>>>>> >>>>>> Finch feature name EscapeLtGtInAttributes >>>>>> >>>>>> Rollout plan Will ship enabled for all users >>>>>> >>>>>> Requires code in //chrome? False >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> No milestones specified >>>>>> >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> Open questions about a feature may be a source of future web compat >>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>> issues in the project for the feature specification) whose resolution may >>>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>>> of >>>>>> the API in a non-backward-compatible way). >>>>>> None >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> https://chromestatus.com/feature/6264983847174144?gate=5114900925644800 >>>>>> >>>>>> This intent message was generated by Chrome Platform Status >>>>>> <https://chromestatus.com>. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> >>>>> >>>>>> To view this discussion visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1cd243fc-6071-46d5-8178-132fcd909b10n%40chromium.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> >>>> >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHamrfXTQ4390_BWE0mcyCsaiOGXN_eEddCBbGfnN3RCcXnB9A%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHamrfXTQ4390_BWE0mcyCsaiOGXN_eEddCBbGfnN3RCcXnB9A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ead93991-d170-4016-85d9-f01846ede045n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ead93991-d170-4016-85d9-f01846ede045n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMYK6b80Kjyfmg7pTMm%2BPHNadgZWNcTexPV%3Djv%2BNA_s-bg%40mail.gmail.com.
