| 05:31 | <annevk> | Domenic: I think special cased is the way to go, though it makes me wonder how the other positional methods should end up working there, beforeUnsafeHTML and such |
| 05:31 | <annevk> | Domenic: and yeah, it should be available on ShadowRoot too |
| 17:19 | <bakkot> | I'm looking at the URL object protocol setter: https://url.spec.whatwg.org/#dom-url-protocol |
| 17:19 | <bakkot> | it runs https://url.spec.whatwg.org/#concept-basic-url-parser |
| 17:20 | <bakkot> | the latter has
|
| 17:20 | <bakkot> | "special scheme" meaning http, https, etc |
| 17:20 | <bakkot> | does that mean that x = new URL('http:bar'); x.protocol = 'notspecial'; x.protocol should give me http:? |
| 17:21 | <bakkot> | because it does not |
| 17:21 | <bakkot> | in any browser |
| 17:22 | <bakkot> | it does in Node though, possibly because they were following the spec |
| 18:36 | <Yagiz Nizipli> | Web-platform tests show that all browsers are behind in URL tests - https://wpt.fyi/results/url?label=experimental&label=master&aligned |
| 18:40 | <Yagiz Nizipli> | Here is a relevant test for non-special scheme to special scheme setter: https://github.com/web-platform-tests/wpt/blob/da479d7ffdf4231062582eb84f1a0309e1e8d7fd/url/resources/setters_tests.json#L205 |
| 18:58 | <freddy> | https://infosec.zeyu2001.com/2023/from-xs-leaks-to-ss-leaks I wonder if the behavior for a samesite leak could be fixed across browsers? |
| 18:58 | <annevk> | bakkot: yeah, that's the idea |
| 18:59 | <annevk> | bakkot: there's an open issue on this and we might change it, but it would require a reparse of the entire URL, which is rather ugly, so I hope browsers can get this fixed |
| 19:01 | <freddy> |
|
| 19:04 | <annevk> | freddy: there's a number of issues on <object> loading against whatwg/html; someone would have to try I suppose |
| 19:13 | <ljharb> | bakkot: there's an open issue on this and we might change it, but it would require a reparse of the entire URL, which is rather ugly, so I hope browsers can get this fixed |