Noam Rosenthal (Gerrit)

unread,

Apr 2, 2026, 8:35:40 AM (yesterday) Apr 2

to Daniel Vogelheim, Chromium LUCI CQ, chromium...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, loading-rev...@chromium.org

Attention needed from Daniel Vogelheim and Noam Rosenthal

Noam Rosenthal voted Commit-Queue+1

Commit-Queue

+1

Open in Gerrit

Related details

Attention is currently required from:

Daniel Vogelheim
Noam Rosenthal

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Daniel Vogelheim (Gerrit)

unread,

Apr 2, 2026, 1:56:32 PM (yesterday) Apr 2

to Noam Rosenthal, Mason Freed, Daniel Vogelheim, Chromium LUCI CQ, chromium...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, loading-rev...@chromium.org

Attention needed from Mason Freed and Noam Rosenthal

Daniel Vogelheim added 3 comments

File third_party/blink/renderer/core/html/parser/fragment_parser.cc

Line 246, Patchset 6 (Latest): StreamingSanitizer* streaming_sanitizer = nullptr;

Daniel Vogelheim . unresolved

I wonder if this would benefit from a single top-level if-statement for the feature flag. E.g.,

if (RuntimeEnabledFeatures::StreamingSanitizerEnabled()) {
  ... new code ..
} else {
  ... old code ...
}

I find it a bit difficult to follow & compare what we'd do with or without the flag.

File third_party/blink/renderer/core/sanitizer/sanitizer.cc

Line 1319, Patchset 6 (Latest): } else {

Daniel Vogelheim . resolved

style nitpick: Above, you always return from the `if` and return to the top-level block, while here you use `else`. Dropping the `else` would be more consistent.

File third_party/blink/renderer/core/sanitizer/sanitizer_api.h

Line 26, Patchset 6 (Latest): static bool CheckRootElement(Sanitizer::Mode mode,

Daniel Vogelheim . unresolved

The name is technically correct, but IMHO not very descriptive. Maybe `IsContextElementScripty(..)` ? (Which is what the rule is about: If the context element we're inserting into is `<script>` (HTML or SVG), then we just shouldn't set anything.)

Open in Gerrit

Related details

Attention is currently required from:

Mason Freed
Noam Rosenthal

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review

No-Unresolved-Comments

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Mason Freed (Gerrit)

unread,

1:59 PM (7 hours ago) 1:59 PM

to Noam Rosenthal, Daniel Vogelheim, Chromium LUCI CQ, chromium...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, loading-rev...@chromium.org

Attention needed from Noam Rosenthal

Mason Freed voted and added 8 comments

Votes added by Mason Freed

Code-Review

+1

8 comments

Patchset-level comments

File-level comment, Patchset 6 (Latest):

Mason Freed . resolved

Overall LGTM, just some small nits.

File third_party/blink/renderer/core/html/parser/fragment_parser.cc

Line 246, Patchset 6 (Latest): StreamingSanitizer* streaming_sanitizer = nullptr;

Daniel Vogelheim . unresolved

I wonder if this would benefit from a single top-level if-statement for the feature flag. E.g.,
if (RuntimeEnabledFeatures::StreamingSanitizerEnabled()) {
  ... new code ..
} else {
  ... old code ...
}
I find it a bit difficult to follow & compare what we'd do with or without the flag.

Mason Freed

Hmm, I'm not sure I agree (depending on how large the if {} else {} blocks get), but I guess ok either way.

Line 250, Patchset 6 (Latest): StreamingSanitizer::TextNodeMergeMode::kKeepSeparate, options,

Mason Freed . unresolved

side note, I'm unclear on how this is used, so I'll leave it to vogelheim@ to evaluate these settings.

File third_party/blink/renderer/core/sanitizer/sanitizer.h

Line 197, Patchset 6 (Latest): DCHECK(temp_text_node_separators_.empty());

Mason Freed . unresolved

maybe `CHECK`?

Line 184, Patchset 6 (Latest):

  // This is a workaround to keep the fragment-based sanitizer behavior of
  // keeping text nodes separate when the streaming sanitizer would otherwise
  // merge them. See https://github.com/WICG/sanitizer-api/issues/390.

Mason Freed . resolved

Ahh. Ok, thanks, you can ignore my comment above.

File third_party/blink/renderer/core/sanitizer/sanitizer.cc

Line 915, Patchset 6 (Latest):void ReplaceWithChildren(Node* node) {

Mason Freed . unresolved

Maybe `Node& node` since you assume it's non-nullptr.

Line 1319, Patchset 6 (Latest): } else {

Daniel Vogelheim . unresolved

style nitpick: Above, you always return from the `if` and return to the top-level block, while here you use `else`. Dropping the `else` would be more consistent.

Mason Freed

Unresolving because I agree

File third_party/blink/renderer/platform/runtime_enabled_features.json5

Line 5473, Patchset 6 (Latest): name: "StreamingSanitizer",

Mason Freed . unresolved

Please add a quick comment about what this is, and maybe a crbug link.

Open in Gerrit

Related details

Attention is currently required from:

Noam Rosenthal

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review

No-Unresolved-Comments

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

Use streaming sanitizer also for fragment parsing (behind a flag) [chromium/src : main]

Noam Rosenthal (Gerrit)

Noam Rosenthal voted Commit-Queue+1

Related details

Daniel Vogelheim (Gerrit)

Daniel Vogelheim added 3 comments

Related details

Mason Freed (Gerrit)

Mason Freed voted and added 8 comments

Votes added by Mason Freed

8 comments

Related details