Hmm, I'm not sure that answered my question. But let me try guessing at an answer:
An example of a URL that will still parse differently after this change, is stun://test.com:8080/. That will parse <https://jsdom.github.io/whatwg-url/#url=c3R1bjovL3Rlc3QuY29tOjgwODAv&base=YWJvdXQ6Ymxhbms=> as pathname = "//test.com:8080/" in Chromium, even after this change, whereas per the standard, that should parse as port = 8080, hostname = "test.com", pathname = "/". Is that correct? If so, I'll be sure we add failing web platform tests for cases like that, so that we don't inadvertently get full credit for fixing our non-special URL parsing code when we haven't finished that work yet. On Tue, Mar 14, 2023 at 12:12 PM Jiacheng Guo <g...@google.com> wrote: > Currently blink disallows non-special URLs with a host such as about:// > example.com/ or stun://test.com:8080/. The allowed URLs can be > about:example or stun:test.com. > > The main concern for implementing spec compliant parsing of the URLs is we > do not know whether other chrome components assume opaque hosts for these > URLs. We wonder if there will be potential issues in the URL handling. > > > > On Tue, Mar 14, 2023 at 10:19 AM Domenic Denicola <dome...@chromium.org> > wrote: > >> Hi Jiacheng, >> >> Thanks again for all this interop work! >> >> I don't think I understood the process that led to special treatment for >> data:, javascript:, intent:, urn:, turn:, and stun:. It seems like the >> intent is to not follow the standard precisely for those schemes, right? I >> guess that might be reasonable as a stepping stone, but I want to make sure >> we're tracking our failure to follow the standard there, and hopefully >> eventually fixing it. >> >> I've filed https://github.com/web-platform-tests/wpt/issues/38970 to >> discuss adding more test coverage. To help us with that, can you provide an >> example of how the blocklist your document discusses will work? That is, >> the document says >> >> > Add a blocklist for non-special schemes. The schemes in the block list >> must have an opaque host. >> >> Since there's no such list in the URL Standard itself, I'm assuming this >> means those schemes will have nonstandard behavior. But I don't understand >> what nonstandard behavior is implied by "must have an opaque host". Can you >> give an example of, e.g., a stun: URL, which will parse differently in the >> URL Standard vs. Blink's implementation, due to this blocklist? >> >> >> On Mon, Mar 13, 2023 at 8:48 PM 'Jiacheng Guo' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> Sorry I sent the wrong document >>> >>> It should be >>> https://docs.google.com/document/d/1edoInUnxwJAGN0264yFRvs6Yi5ptb37HvFYkBNnz2YQ/edit?usp=sharing >>> >>> On Sat, Mar 11, 2023 at 12:39 AM Mike Taylor <miketa...@chromium.org> >>> wrote: >>> >>>> Thanks for the doc - if "WPT URL failure triage" is what you intended >>>> to send, could you point out which section contains the security concerns? >>>> (Or maybe just linked the wrong doc on accident?) >>>> On 3/10/23 6:31 AM, Jiacheng Guo wrote: >>>> >>>> Sorry for the late reply, >>>> >>>> I've created a doc >>>> <https://docs.google.com/document/d/1ip9B2v5KiX6HUolSODdyEhpWD0Jx1ib_uRbJXOGTqRw/edit?usp=sharing&resourcekey=0-CGabf2J9BGhC1LfbdT6_8w> >>>> on the security concerns for non-special URLs. The general idea is to >>>> support non-special URLs and add a blocklist where the URLs can only have >>>> opaque hosts. >>>> >>>> I added the security team to ask for their comments as well. >>>> >>>> Jiacheng Guo >>>> >>>> >>>> >>>> On Thu, Mar 9, 2023 at 1:38 AM Mike Taylor <miketa...@chromium.org> >>>> wrote: >>>> >>>>> Hi Jiacheng, >>>>> >>>>> Friendly ping on Harald's and my questions. :) >>>>> >>>>> thanks, >>>>> Mike >>>>> On 2/23/23 2:40 AM, Harald Alvestrand wrote: >>>>> >>>>> Is there a blacklist of "special schemes" that this change won't >>>>> touch? Who maintains that list? >>>>> >>>>> This seems a bit dangerous, in that if a new scheme is deployed that >>>>> is "special", code intended for handling non-special schemes will try to >>>>> parse it. >>>>> >>>>> Note that the term "special" in the URL specification ( >>>>> https://url.spec.whatwg.org/#special-scheme) refers strictly to ftp, >>>>> file, http, https, ws and wss; there's nothing "special" about urn, turn, >>>>> stun or any of the other standardized schemes that don't use the // >>>>> syntax. >>>>> >>>>> >>>>> >>>>> >>>>> On Wed, Feb 22, 2023 at 5:08 PM Yoav Weiss <yoavwe...@chromium.org> >>>>> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Wed, Feb 22, 2023 at 4:43 PM Mike Taylor <miketa...@chromium.org> >>>>>> wrote: >>>>>> >>>>>>> >>>>>>> On 2/22/23 8:21 AM, 'Jiacheng Guo' via blink-dev wrote: >>>>>>> >>>>>>> Contact emails g...@google.com >>>>>>> >>>>>>> Explainer None >>>>>>> >>>>>>> >>>>>> An explainer (even inline) would be helpful to get a better >>>>>> understanding of what this change does. >>>>>> Does it impact only URL() object construction? What is happening >>>>>> today? What will happen after this change lands? >>>>>> >>>>>>> >>>>>>> >>>>>>> Specification https://url.spec.whatwg.org/#url-parsing >>>>>>> >>>>>>> Summary >>>>>>> >>>>>>> URLs with non-special schemes will be supported in chrome. >>>>>>> `non-speicial://test.com:1234/path` <http://test.com:1234/path> >>>>>>> will be become a valid URL. One can access and set the URL properties >>>>>>> such >>>>>>> as host, port and path via the URL class. >>>>>>> >>>>>>> >>>>>>> Blink component Blink>JavaScript>API >>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EJavaScript%3EAPI> >>>>>>> >>>>>>> TAG review >>>>>>> >>>>>>> TAG review status Not applicable >>>>>>> >>>>>>> Risks >>>>>>> >>>>>>> >>>>>>> Interoperability and Compatibility >>>>>>> >>>>>>> *Gecko*: Positive >>>>>>> >>>>>>> *WebKit*: Positive >>>>>>> >>>>>>> Any links to those positive signals? >>>>>> >>>>>> >>>>>>> >>>>>>> *Web developers*: No signals >>>>>>> >>>>>>> *Other signals*: >>>>>>> >>>>>>> Ergonomics >>>>>>> >>>>>>> No significant risks. >>>>>>> >>>>>>> >>>>>>> Activation >>>>>>> >>>>>>> No significant risks. >>>>>>> >>>>>>> >>>>>>> Security >>>>>>> >>>>>>> data:// and javascript:// URLs handling is not modified due to >>>>>>> their critical role. >>>>>>> >>>>>>> >>>>>>> WebView application risks >>>>>>> >>>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>>> that it has potentially high risk for Android WebView-based >>>>>>> applications? >>>>>>> >>>>>>> Do URLs with an intent:// scheme have any security considerations, >>>>>>> or implications for WebView? (I don't know, hopefully someone who does >>>>>>> can >>>>>>> answer. :)) >>>>>>> >>>>>>> >>>>>>> >>>>>>> Debuggability >>>>>>> >>>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? Yes >>>>>>> >>>>>>> Is this feature fully tested by web-platform-tests >>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>>> ? Yes >>>>>>> >>>>>>> Flag name NonSpeicalSchemeURLParsing >>>>>>> >>>>>>> Requires code in //chrome? False >>>>>>> >>>>>>> Tracking bug https://crbug.com/1416006 >>>>>>> >>>>>>> Sample links >>>>>>> https://chromium-review.googlesource.com/c/chromium/src/+/4273893 >>>>>>> >>>>>>> Estimated milestones >>>>>>> >>>>>>> No milestones specified >>>>>>> >>>>>>> >>>>>>> Anticipated spec changes >>>>>>> >>>>>>> Open questions about a feature may be a source of future web compat >>>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>>> issues in the project for the feature specification) whose resolution >>>>>>> may >>>>>>> introduce web compat/interop risk (e.g., changing to naming or >>>>>>> structure of >>>>>>> the API in a non-backward-compatible way). >>>>>>> >>>>>>> >>>>>>> Link to entry on the Chrome Platform Status >>>>>>> https://chromestatus.com/feature/5201116810182656 >>>>>>> >>>>>>> This intent message was generated by Chrome Platform Status >>>>>>> <https://chromestatus.com/>. >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJQw1Nzk847XL759vMSQaF3L5zvtykg6UfQvuss4diyU-h1%3Duw%40mail.gmail.com >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJQw1Nzk847XL759vMSQaF3L5zvtykg6UfQvuss4diyU-h1%3Duw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "blink-dev" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7cdf2693-c8a3-d263-0eb0-a44a2390979e%40chromium.org >>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7cdf2693-c8a3-d263-0eb0-a44a2390979e%40chromium.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "blink-dev" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to blink-dev+unsubscr...@chromium.org. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVfGhV%2BDRzpCjGFoHg7EXb325nHz3nu4OSQVTTC6bkS1A%40mail.gmail.com >>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfVfGhV%2BDRzpCjGFoHg7EXb325nHz3nu4OSQVTTC6bkS1A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJQw1NwdWUn7OOrEgGjGeZV%3DHa_niTT0Jg_yv7j7uN2uRL7fcA%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJQw1NwdWUn7OOrEgGjGeZV%3DHa_niTT0Jg_yv7j7uN2uRL7fcA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra92Na%2Bbv0DbD5BjvuKSHf-%2BhFCSrRWnPExGnEzUzm%3Df6g%40mail.gmail.com.
