Intent to Ship: Sanitizer API


Chromestatus

Dec 15, 2025, 9:40:50 AM (2 days ago) Dec 15
to blin...@chromium.org, voge...@google.com
Contact emails
voge...@google.com

Explainer
https://github.com/WICG/sanitizer-api/blob/main/explainer.md

Specification
https://wicg.github.io/sanitizer-api

Summary
The Sanitizer API offers an easy-to-use, safe-by-default HTML sanitizer, which developers can use to remove content that may execute script from arbitrary, user-supplied HTML content. The goal is to make it easier to build XSS-free web applications. This follows previous attempts at establishing a Sanitizer API (https://chromestatus.com/feature/5786893650231296), which we unshipped again (https://chromestatus.com/feature/5115076981293056). The specification has meanwhile progressed and now has widespread support.

Blink component
Blink>SecurityFeature>SanitizerAPI

Web Feature ID
SanitizerAPI

Motivation
User input sanitization is a necessary and common activity of many web applications, but it's difficult to get right. As a component of the web platform it's easier to harden the sanitizer implementation and keep it up-to-date. Offering a high-quality sanitizer with good defaults (without blocking developers from using their own, if they choose) would improve security, and make it more accessible.

Initial public proposal
https://wicg.github.io/sanitizer-api/

TAG review
https://github.com/w3ctag/design-reviews/issues/619

TAG review status
Issues addressed

Risks


Interoperability and Compatibility
No information provided

Gecko: Positive (https://github.com/mozilla/standards-positions/issues/106). The Sanitizer API is enabled in Firefox Nightly: https://www.firefox.com/en-US/firefox/148.0a1/releasenotes/

WebKit: Support (https://github.com/WebKit/standards-positions/issues/86)

Web developers: No signals

Other signals: HTML: stage 2. (https://github.com/whatwg/html/issues/7197) TAG, early design review: https://github.com/w3ctag/design-reviews/issues/619

Security
https://wicg.github.io/sanitizer-api/#security-considerations

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No information provided


Debuggability
These APIs are readily accessible and testable using DevTools.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests?
Yes
https://wpt.fyi/results/sanitizer-api?label=experimental&label=master&aligned

Flag name on about://flags
No information provided

Finch feature name
SanitizerAPI

Rollout plan
Will ship enabled for all users

Requires code in //chrome?
False

Tracking bug
https://issues.chromium.org/issues/40138584

Estimated milestones
Shipping on desktop: 145
Shipping on Android: 145
Shipping on WebView: 145


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

We expect to "upstream" the current WICG specification to become part of HTML proper. See: https://github.com/whatwg/html/issues/7197

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5814067399491584?gate=5398359461068800

Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPP0LBdNCieNydc6dfObByS2kCg1B2yvd6eZJHGTkW%2Bd-w%40mail.gmail.com


This intent message was generated by Chrome Platform Status.
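As an added example (not part of the intent, the spec, or Chromium's code), this is how a page would use the API the summary describes to render user-supplied HTML: it assumes the spec's `Element.setHTML(html, { sanitizer })` and `Sanitizer` constructor, and the allow-list config and sample input are constructed for illustration.

```javascript
// Added example: render untrusted HTML through the Sanitizer API where the
// browser has it, and degrade to plain text (never innerHTML) where it does not.
// Assumes the WICG spec's Element.setHTML(html, options) and the Sanitizer
// constructor taking a SanitizerConfig.

// Allow-list for a comment box (constructed for this example). Anything not
// listed is dropped; the safe setHTML() variant additionally strips
// script-executing constructs (<script>, on* handlers) regardless of the list.
const COMMENT_CONFIG = {
  elements: ["p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "code", "pre"],
  attributes: ["href", "title"],
  comments: false,
  dataAttributes: false,
};

// Feature detection: both the element method and the constructor are needed.
function hasSanitizerApi(el) {
  return typeof el.setHTML === "function" &&
         typeof globalThis.Sanitizer === "function";
}

// Returns which path was taken so callers (and tests) can observe it.
function renderUntrustedHtml(el, untrustedHtml) {
  if (hasSanitizerApi(el)) {
    // Safe-by-default API: the resulting subtree cannot contain active script.
    el.setHTML(untrustedHtml, { sanitizer: new Sanitizer(COMMENT_CONFIG) });
    return "sanitized";
  }
  // No Sanitizer API: rendering as text loses formatting but cannot inject
  // script, which is the right failure mode for untrusted input.
  el.textContent = untrustedHtml;
  return "text";
}

// Input a user might submit (constructed): markup plus an injected script.
const SAMPLE = '<p>Hi <b>there</b></p><script>alert(1)</script>';

// Browser-only demo; skipped when there is no DOM.
if (typeof document !== "undefined") {
  const box = document.createElement("div");
  console.log(renderUntrustedHtml(box, SAMPLE), box.innerHTML);
}
```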

Chris Harrelson

Dec 15, 2025, 12:25:58 PM (2 days ago) Dec 15
to Chromestatus, blin...@chromium.org, voge...@google.com
LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69401de1.050a0220.2e69e1.0456.GAE%40google.com.

Yoav Weiss (@Shopify)

Dec 15, 2025, 3:18:01 PM (2 days ago) Dec 15
to Chris Harrelson, Chromestatus, blin...@chromium.org, voge...@google.com
On Mon, Dec 15, 2025 at 6:25 PM Chris Harrelson <chri...@chromium.org> wrote:
LGTM1

On Mon, Dec 15, 2025 at 6:40 AM Chromestatus <ad...@cr-status.appspotmail.com> wrote:
Contact emails
voge...@google.com

Explainer
https://github.com/WICG/sanitizer-api/blob/main/explainer.md

I think it can be useful to add a section to the explainer to outline the differences and relationship to Trusted Types.