And in case anyone wonders: why those ones in particular? It's
everything that's allowed inside an sf-string
<https://datatracker.ietf.org/doc/html/rfc8941#section-3.3.3>, except
escaped "\" and escaped DQUOTE (because we know those make WAFs very,
very sad).
On 2/1/22 10:00 AM, Matt Reichhoff wrote:
Thanks for the response! Yes, we will be keeping an eye on metrics and
bug reports.
In terms of the character set, it is defined here:
https://wicg.github.io/ua-client-hints/#create-arbitrary-brands-section
It includes: 0x20 (SP), 0x28 (left parenthesis), 0x29 (right
parenthesis), 0x2D (-), 0x2E (.), 0x2F (/), 0x3A (:), 0x3B (;), 0x3D
(=), 0x3F (?), 0x5F (_). The prior implementation included only space
(0x20) and semicolon (0x3B).
On Tue, Feb 1, 2022 at 4:45 AM Mike West <mk...@chromium.org> wrote:
LGTM to experiment with this change on a small percentage of
stable in M98 and M99. Presumably you'll be keeping an eye on
metrics and bug reports to roll it back in case unexpected
incompatibility is discovered.
Out of curiosity, what is the new character set with which you'll
be working? The spec link was fairly generic, describing a
strategy rather than an algorithm.
-mike
On Wednesday, January 26, 2022 at 11:18:56 PM UTC+1 Matt Reichhoff
wrote:
Contact emails
mreichh...@chromium.org, miketa...@chromium.org,
jadekess...@chromium.org
Explainer
https://github.com/WICG/ua-client-hints#user-agent-client-hints
<https://github.com/WICG/ua-client-hints#user-agent-client-hints>
Specification
https://wicg.github.io/ua-client-hints/#grease
<https://wicg.github.io/ua-client-hints/#grease>
Summary
We seek to align our implementation of GREASE in User Agent
Client Hints with the current spec, which includes additional
GREASE characters beyond the current semicolon and space, and
which recommends varying the arbitrary version. This is to
help prevent bad assumptions from being built on top of
User-Agent strings.
This intent seeks approval to begin an experiment on stable at
1% with the m98 release. Due to a clerical error, the
experiment is already running on m98 in beta. The goal is to
determine whether the new spec is web compatible via a
controlled experiment before we ship to stable.
Blink component
Privacy>Fingerprinting
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Privacy%3EFingerprinting>
TAG review
https://github.com/w3ctag/design-reviews/issues/640
TAG review status
In progress, but all raised issues addressed.
Risks
Interoperability and Compatibility
The prior inclusion (in 2020) of escaped ASCII 0x22 (double
quote) and 0x5C (backslash) proved to be web incompatible and
was rolled back. While we do not anticipate similar problems
with the updated character list, we have taken (or will take)
the following actions to validate this assumption:
*
Pre-launch testing of the new characters against
known-common sites, which will include tests against the
components known to have been incompatible with the prior
implementation [COMPLETED].
*
Addition of an enterprise policy escape hatch [COMPLETE].
*
A phased rollout along with monitoring of HTTP 4XX
response rates [PROPOSED HERE].
Gecko: Non-harmful
(https://mozilla.github.io/standards-positions/#ua-client-hints
<https://mozilla.github.io/standards-positions/#ua-client-hints>)
WebKit: No signal
Web developers: No signals
Other signals: N/A
Goals for experimentation
A phased rollout is desired to ensure the changes to the spec
are web-compatible. To that end, we will begin with 1% of
users on stable, with monitoring of HTTP response codes to
ensure the change is non-breaking.
Debuggability
N/A; no change required
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, Chrome OS, Android,
and Android WebView)?
No (not on WebView or iOS)
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
Yes
<https://chromium-review.googlesource.com/c/chromium/src/+/3225903/6/third_party/blink/web_tests/external/wpt/html/webappapis/system-state-and-capabilities/the-navigator-object/navigator_user_agent.https.html>
Flag name
--enable-features="GreaseUACH:updated_algorithm/true"
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1164423
<https://bugs.chromium.org/p/chromium/issues/detail?id=1164423>
Estimated milestones
We anticipate this experiment starting in M98 and running for
2 milestones, but it could extend if the data is inconclusive.
We are most concerned about website tail behavior with this
change, which can make data gathering slower than we’d like.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5630916006248448
<https://chromestatus.com/feature/5630916006248448>
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/ueudFsZzT1M
<https://groups.google.com/a/chromium.org/g/blink-dev/c/ueudFsZzT1M>
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2ade7630-7102-3382-ef73-f18ce6c8bc66%40chromium.org.