Intent to Implement and Ship: Make URL parser to not decode percent-encoded ASCII character in URL's path

Hayato Ito

unread,

Aug 4, 2023, 3:53:59 AM8/4/23

to blink-dev

Contact emails

hay...@chromium.org

Specification

https://url.spec.whatwg.org/

Summary

Make URL parser to not decode percent-encoded ASCII characters in URL's path, such as "%41" ('A'). Before this change: > const url = new URL("http://example.com/%41"); > url.href "http://example.com/A" After this change: > const url = new URL("http://example.com/%41"); > url.href "http://example.com/%41"

Blink component

Blink>Network

TAG review

None

TAG review status

Not applicable

Risks

Interoperability and Compatibility

Gecko: Shipped/Shipping

WebKit: Shipped/Shipping

There are risks. Please see the WIP CL's description for details (https://crrev.com/c/4607744).

I'd like to collect feedback about possible risks widely through this thread.

The usage (Canary): 0.000106% (URL.Path.UnescapeEscapedChar).

This usage is not specific to any particular use case and can be considered a theoretical upper bound. The actual breakage is likely much lower than this number.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes

Is this feature fully tested by web-platform-tests?

Yes

Tracking bug

https://crbug.com/1252531

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6389236793606144

--

Hayato

TAMURA, Kent

unread,

Aug 10, 2023, 1:08:32 PM8/10/23

to Hayato Ito, blink-dev

LGTM1. It seems to have very low risk.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_2-4PAY47VbDdd%2BHS%2BchmNUc9dW3BsRtW33LDr1QOeLGw%40mail.gmail.com.

--

TAMURA, Kent
Software Engineer, Google

Mike Taylor

unread,

Aug 11, 2023, 11:15:58 AM8/11/23

to TAMURA, Kent, Hayato Ito, blink-dev

I'm having a hard time assessing the risk, despite the very low usage (it has doubled since the original email was sent - but still very low) and other browsers shipping it.

That said, LGTM2 % having a base::Feature we can use as a killswitch, in case we discover something we didn't anticipate.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqHcCModrUAQ%3DGJx-oiLcEmBwi%2BjU0ONCpnNWh%3Dp_THRdg%40mail.gmail.com.

Daniel Bratell

unread,

Aug 16, 2023, 8:47:29 AM8/16/23

to Mike Taylor, TAMURA, Kent, Hayato Ito, blink-dev

Compatibility is nice.

LGTM3, but note Mike's request

/Daniel

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b674e07c-7804-41d5-b8f5-7ada6295651b%40chromium.org.

Hayato Ito

unread,

Aug 16, 2023, 9:11:48 PM8/16/23

to Daniel Bratell, Mike Taylor, TAMURA, Kent, blink-dev

Thanks for the LGTMs. I appreciate it.

Let me implement and ship with a feature flag so that we can have a kill switch.

--

Hayato

Charles Harrison

unread,

Oct 30, 2025, 10:20:37 AM (6 days ago) Oct 30

to Hayato Ito, Daniel Bratell, Mike Taylor, TAMURA, Kent, blink-dev, sashmith...@codimite.com

crbug.com/452084005 is one holdover that was accidentally not updated by this work. We still decode "%2E" (dot) into ".". There is an external contributor (+Sashmitha) who has CL crrev.com/c/7100669 fixing this.

Question for Blink owners: Does this bug fix require a kill switch?

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFpjS_3_a5ZoZbPFw4V-CHH2%2BmCdqmQfD8yjQOuC8tJRSt%2B7Gw%40mail.gmail.com.

Daniel Bratell

unread,

Oct 31, 2025, 4:48:18 AM (6 days ago) Oct 31

to Charles Harrison, Hayato Ito, Mike Taylor, TAMURA, Kent, blink-dev, sashmith...@codimite.com

That is hard to judge without deep knowledge about how much is affected. Do you have any numbers or a gut feeling, or experience from the earlier changes?

/Daniel

Mike Taylor

unread,

Oct 31, 2025, 9:09:58 AM (6 days ago) Oct 31

to Daniel Bratell, Charles Harrison, Hayato Ito, TAMURA, Kent, blink-dev, sashmith...@codimite.com

I think putting this behind a kill switch is a good idea - like Daniel said, it's hard to judge the risk with just the info in the CL.

Charles Harrison

unread,

Oct 31, 2025, 10:55:06 AM (5 days ago) Oct 31

to Mike Taylor, Daniel Bratell, Hayato Ito, TAMURA, Kent, blink-dev, sashmith...@codimite.com

I think the previous launch did not require using the kill switch, but I'm fine being cautious here. I don't have much a gut feeling or data to suggest otherwise. I'll let Hayato chime in though.

Mike Taylor

unread,

Oct 31, 2025, 11:02:35 AM (5 days ago) Oct 31

to Charles Harrison, Daniel Bratell, Hayato Ito, TAMURA, Kent, blink-dev, sashmith...@codimite.com

FWIW, my LGTM for the original launch was contingent on a kill switch (see down thread). So hopefully we had one. :)

Hayato Ito

unread,

Nov 3, 2025, 8:07:00 PM (2 days ago) Nov 3

to Mike Taylor, Charles Harrison, Daniel Bratell, TAMURA, Kent, blink-dev, sashmith...@codimite.com

The previous launch had a kill switch: `kDontDecodeAsciiPercentEncodedURLPath` (see https://crrev.com/c/4607744).

While I believe the risk is still low, I strongly suggest having a kill switch this time as well.