Contact emails
fw...@igalia.com
Explainer
Spec
https://url.spec.whatwg.org/#concept-basic-url-parser
TAG review
Not needed, existing specification.
Summary
When parsing URLs, encode the character U+7F DELETE as "%7F".
This improves readability, reduces spoofing risk, makes Chrome's
behavior more consistent, interoperable with other browsers and
compliant with the specification.
Link to “Intent to Prototype” blink-dev discussion
None
Risks
Interoperability and Compatibility
* Interoperability: This will make it compatible with Gecko and WebKit,
as well as with the specification.
* Compatibility: This will change the string of the parsed URL. However,
that string will still redirect to the same page. Risk seems low since
other browsers support that and websites have to work with them. Plus
this does not sound like a common character for URLs.
Gecko: Positive
Shipped
WebKit: Positive
Shipped
Web developers: Positive (https://github.com/whatwg/html/issues/3377)
There is an existing bug report about how percent-encoding is done for
registerProtocolHandler, which is affected by the special case of U+5F.
Ergonomics
This will change how URLs are rendered in the location bar and
statusline (using %5F instead of any potential DEL glyph)
Security
This might help to reduce spoofing risks.
Will this feature be supported on all six Blink platforms (Windows, Mac,
Linux, Chrome OS, Android, and Android WebView)?
Yes
Is this feature fully tested by web-platform-tests?
Yes
There are already URL parsing tests in WPT's url/; new cases are added
for U+5F in
https://chromium-review.googlesource.com/c/chromium/src/+/2324425
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=809852
Demo links
data:text/html,%3Ca href%3D"https%3A%2F%2Fexample.org%2F%26%23x7F%3B"%3Especial URL path%3C%2Fa%3E %3Ca href%3D"javascript%3Aalert('%26%23x7F%3B')"%3Enon-special URL path%3C%2Fa%3E %3Ca href%3D"https%3A%2F%2Fexample.org%2F%23%26%23x7F%3B"%3EURL fragment%3C%2Fa%3E
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5651438652882944
This intent message was generated by Chrome Platform Status.
--
Frédéric Wang
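
A conformance check for the behavior described in the Summary, as an added example that is not part of the original message or of Chromium's tests. It runs the three demo-link cases (special URL path, non-special URL path, fragment) through the runtime's WHATWG `URL` parser and compares the result with the URL Standard's C0 control percent-encode set; the helper names are hypothetical.

```javascript
// Added example: does this runtime's URL parser serialize U+007F DELETE as "%7F"?
const DEL = "\u007F";

// C0 control percent-encode set per the URL Standard:
// C0 controls (U+0000 to U+001F) and every code point greater than U+007E.
function inC0ControlPercentEncodeSet(codePoint) {
  return codePoint <= 0x1f || codePoint > 0x7e;
}

// UTF-8 percent-encode each code point of `input` that is in the set.
function percentEncodeC0(input) {
  const utf8 = new TextEncoder();
  let out = "";
  for (const ch of input) {
    if (!inC0ControlPercentEncodeSet(ch.codePointAt(0))) {
      out += ch;
      continue;
    }
    for (const byte of utf8.encode(ch)) {
      out += "%" + byte.toString(16).toUpperCase().padStart(2, "0");
    }
  }
  return out;
}

// Constructed inputs mirroring the three demo links in the message.
const CASES = [
  { name: "special URL path", input: `https://example.org/${DEL}`,
    part: "pathname", expected: "/" + percentEncodeC0(DEL) },
  { name: "non-special URL path", input: `javascript:alert('${DEL}')`,
    part: "pathname", expected: percentEncodeC0(`alert('${DEL}')`) },
  { name: "URL fragment", input: `https://example.org/#${DEL}`,
    part: "hash", expected: "#" + percentEncodeC0(DEL) },
];

// Parse each case and report whether a raw DEL survives in the serialized URL.
function checkDelEncoding() {
  return CASES.map(({ name, input, part, expected }) => {
    const url = new URL(input);
    const rawDelInHref = url.href.includes(DEL);
    const actual = url[part];
    return { name, actual, expected, rawDelInHref,
             pass: actual === expected && !rawDelInHref };
  });
}

for (const r of checkDelEncoding()) {
  console.log(`${r.pass ? "PASS" : "FAIL"} ${r.name}: ${JSON.stringify(r.actual)}`);
}
```

A `FAIL` line means the parser left a raw U+007F in the serialized URL, which is the pre-change behavior this intent removes.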