Contact emails [email protected], [email protected]
Explainer None Specification https://mimesniff.spec.whatwg.org/#parse-a-mime-type Summary Reject JSON module script responses whose MIME type's type or subtype contains non‑HTTP token code points (eg spaces) when matched via *+json; aligns with MIME Sniffing spec and other engines. This change is part of the Interop2025 modules focus area. Related Issues: https://bugs.webkit.org/show_bug.cgi?id=297161 Related PR: https://github.com/web-platform-tests/wpt/pull/54219 Draft CL: https://chromium-review.googlesource.com/c/chromium/src/+/6931461 Blink component Blink>Network Web Feature ID Missing feature Search tags json, mime, sniffing, spec-compliance, interoperability TAG review None TAG review status Not applicable Risks Interoperability and Compatibility Interoperability risk is low. very low compat risk; only malformed MIME types with +json in module scripts newly rejected. Other browsers are already stricter. Additionally, until recently (https://groups.google.com/u/0/a/chromium.org/g/blink-dev/c/-lZFLXH7_Y8/m/hw3Tcl64AQAJ), all such +json MIME types would have been treated as failures, making it highly unlikely that there are widespread dependencies on this invalid subset. Gecko: Shipped/Shipping WebKit: Shipped/Shipping Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? Yes Is this feature fully tested by web-platform-tests? Yeshttps://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.html https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.sharedworker.html https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.worker.html Flag name on about://flags None Finch feature name StrictJsonMimeTypeTokenValidation Rollout plan Will ship enabled for all users Requires code in //chrome? False Tracking bug https://issues.chromium.org/issues/440128360 Estimated milestones Shipping on desktop 142 Shipping on Android 142 Shipping on WebView 142 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (eg links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (eg, changing to naming or structure of the API in a non-backward-compatible way). None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5182756304846848?gate=5090319381168128 This intent message was generated by Chrome Platform Status. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68d17289.710a0220.5367c.017d.GAE%40google.com.
