I just realized that there was no Finch flag section in the template.
There should be one right?
(Also note what Chris said, the feature needs to be moved to the right
stage in chromestatus and various reviews kicked off)
/Daniel
On 2025-11-05 17:40, Daniel Bratell wrote:
That is a very low use counter indeed, and from its linear behaviour,
it looks like it might go away by itself within a year.
Considering the low counter, that it has not been supported by
Mozilla, and that it might not actually affect production code, I
think it's ok to try to remove it before the XML parser replacement
forces it. The normal caveats with "keep an eye out for feedback" apply.
LGTM1 to deprecate and remove one milestone later.
/Daniel
On 2025-10-31 16:03, Dominik Röttsches wrote:
*Contact emails*
[email protected]
*Explainer*
No information provided
*Specification*
https://www.w3.org/TR/xml/#proc-types
*Summary*
Chrome synchronously fetches external XML entities/DTDs and
incorporates them into parsing under specific circumstances. I
propose to remove this functionality.
Test case xml-external-entity.xml
<https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/http/tests/security/contentTypeOptions/xml-external-entity.xml>
gives an example:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";
[
<!ENTITY entity_application_xml_external_parsed_entity SYSTEM
"http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/xml-external-parsed-entity";>
...
External entities can be defined in the trailing part of the DOCTYPE
statement - and then refer to resources that are to be synchronously
loaded and included as context when parsing XML.
Another syntax example would be a DOCTYPE that, using the SYSTEM
keyword followed by a URL pointing to a DTD which contains additional
entity definitions.
Such external load requests are passed up from the parser and allowed
only if they are a same origin request and the response mimetype
matches: application/xml-external-parsed-entity.
According to https://www.w3.org/TR/xml/#proc-types non-validating
processor are not required to read external entities.
*Blink component*
DOM
*Web Feature ID*
Falls under XML feature group, but did not see a specific parsing
feature.
*Motivation*
The usage has continuously decreased and is at an extremely low level
of 0.000015, compare:
https://chromestatus.com/metrics/feature/timeline/popularity/529 We
intend to improve the security of XML parsing in Chrome. (See
internal go/chrome_x_mitigation <http://go/chrome_x_mitigation>).
In this effort, we intend to replace libxml2 as the XML parser with
an XML parser written in Rust (crate "xml"). The Rust-based XML
parser we intend to migrate to, does not support external entities
and we don't think it's necessary or desirable to implement this
feature.
Synchronous loads during parsing are considered inefficient, and can
be avoided by inlining the needed entity definitions.
As usage is so low, Firefox never supported this
<https://bugzilla.mozilla.org/show_bug.cgi?id=22942#c135>, I propose
to deprecate in 144, and remove in 145.
*Initial public proposal*
No information provided
*Debuggability*
Parsing success/failure is debuggable, same as before.
*Requires code in //chrome?*
No
*Tracking bug*
https://crbug.com/455813733
*Estimated milestones*
Starting deprecation in 144
Shipping on desktop 144
Shipping on Android 144
Shipping on WebView 144
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6734457763659776?gate=4825690713227264
This intent message was generated by Chrome Platform Status.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBt5G1ZbUby1i3PBt0qUK0%3DkPj8%2BhHeVbQcZ3xgnnvKKBQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN6muBt5G1ZbUby1i3PBt0qUK0%3DkPj8%2BhHeVbQcZ3xgnnvKKBQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/86df97b8-566d-4d26-b2a8-a398a6faceaf%40gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/86df97b8-566d-4d26-b2a8-a398a6faceaf%40gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f5d61294-6d97-421d-ad70-e53772cba11c%40gmail.com.
