Aligns behavior with the standard in edge cases when changing the URL protocol to or from "file". Previously, attempting to change the protocol of a URL with credentials or a port to "file" would lead to an invalid URL. Similarly, attempting to change a URL with no host from "file" to "http" would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers. This affects the "protocol" attribute on the URL API, location, and <a> and <area> elements.
The new restrictions only apply in cases where the URL would end up broken anyway, so compatibility risk is minimal. The old behavior was not interoperable. The new behavior is interoperable with Safari, and hopefully Firefox will also align.
Developers should avoid exercising these cases, as they don't do anything useful.
Generally no security impact. If any web developers were depending on the old behavior for security purposes, their code was definitely broken in other engines and likely wasn't working as intended in Blink.
No special support needed.
LGTM1
/Daniel
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAC_ixdzwhzLbEG1ub-crgAGew3N6geDbS1sVG%2BEWi%2BQsDGfCBA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/bb7bc58b-bffc-5e7c-51b2-7fc4a22de5cb%40gmail.com.