LGTM2 On 9/22/25 2:41 p.m., Alex Russell wrote:
LGTM1On Monday, September 22, 2025 at 9:00:30 AM UTC-7 Chromestatus wrote: *Contact emails* [email protected], [email protected] *Explainer* None *Specification* https://mimesniff.spec.whatwg.org/#parse-a-mime-type <https://mimesniff.spec.whatwg.org/#parse-a-mime-type> *Summary* Reject JSON module script responses whose MIME type’s type or subtype contains non‑HTTP token code points (e.g. spaces) when matched via *+json; aligns with MIME Sniffing spec and other engines. This change is part of the Interop2025 modules focus area. Related Issues: https://bugs.webkit.org/show_bug.cgi?id=297161 <https://bugs.webkit.org/show_bug.cgi?id=297161> Related PR: https://github.com/web-platform-tests/wpt/pull/54219 <https://github.com/web-platform-tests/wpt/pull/54219> Draft CL: https://chromium-review.googlesource.com/c/chromium/src/+/6931461 <https://chromium-review.googlesource.com/c/chromium/src/+/6931461> *Blink component* Blink>Network <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ENetwork%22> *Web Feature ID* Missing feature *Search tags* json <http:///features#tags:json>, mime <http:///features#tags:mime>, sniffing <http:///features#tags:sniffing>, spec-compliance <http:///features#tags:spec-compliance>, interoperability <http:///features#tags:interoperability> *TAG review* None *TAG review status* Not applicable *Risks* *Interoperability and Compatibility* Interoperability risk is low. very low compat risk; only malformed MIME types with +json in module scripts newly rejected. Other browsers are already stricter. Additionally, until recently (https://groups.google.com/u/0/a/chromium.org/g/blink-dev/c/-lZFLXH7_Y8/m/hw3Tcl64AQAJ <https://groups.google.com/u/0/a/chromium.org/g/blink-dev/c/-lZFLXH7_Y8/m/hw3Tcl64AQAJ>), all such +json MIME types would have been treated as failures, making it highly unlikely that there are widespread dependencies on this invalid subset. /Gecko/: Shipped/Shipping /WebKit/: Shipped/Shipping /Web developers/: No signals /Other signals/: *WebView application risks* Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None *Debuggability* None *Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?* Yes *Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?* Yeshttps://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.html <https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.html> https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.sharedworker.html <https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.sharedworker.html> https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.worker.html <https://wpt.fyi/results/html/semantics/scripting-1/the-script-element/json-module/invalid-content-type.any.worker.html> *Flag name on about://flags* None *Finch feature name* StrictJsonMimeTypeTokenValidation *Rollout plan* Will ship enabled for all users *Requires code in //chrome?* False *Tracking bug* https://issues.chromium.org/issues/440128360 <https://issues.chromium.org/issues/440128360> *Estimated milestones* Shipping on desktop 142 Shipping on Android 142 Shipping on WebView 142 *Anticipated spec changes* Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). None *Link to entry on the Chrome Platform Status* https://chromestatus.com/feature/5182756304846848?gate=5090319381168128 <https://chromestatus.com/feature/5182756304846848?gate=5090319381168128> This intent message was generated by Chrome Platform Status <https://chromestatus.com>. --You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/484c3035-a8f8-4f82-aec9-3661fe6731c1n%40chromium.org <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/484c3035-a8f8-4f82-aec9-3661fe6731c1n%40chromium.org?utm_medium=email&utm_source=footer>.
-- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/9e293ea6-1461-4a10-b02a-79be8455a832%40chromium.org.
