On Thu, 26 Sept 2024 at 02:33, David Benjamin <davidben@chromium.org> wrote: > If the folks are happy with that status quo, great. If folks are unhappy > with that status quo, there's probably room for some work here, possibly > starting by reaching out to WHATWG folks. Either way, I think that is the > decision tree here. > Unhappy with the status quo, so yeah doing something would be good > > It follows then that *someone* should write down the de facto lenient > flavor of URL parsing, so we can collectively avoid the security > consequences. Ideally that *someone* could submit as an RFC what the lenient handling of violation of 3986 (not to obsolete 3986, but to augment it). The problem with the status quo is that the WhatWG's standard is a living document that continually is updated. It is kind of an aspirational guideline of what the browsers are currently striving to implement. But adherence to WhatWG standards is often somewhat variable (see David's post above). Thus rather than implementing that specification, you end up having to do a survey of common browsers and making judgement calls about which to support, and then keep a live lookout for any changes in those implementations It would be so much better if at regular periods, if the key differences and/or extensions of RFC3986 could be summarized in an RFC, that would essentially be the browser community communicating with the wider server/proxy/app community what their current aspirations/expectations are. cheers -- Greg Wilkins <gregw@webtide.com> CTO http://webtide.com
Received on Wednesday, 25 September 2024 22:11:39 UTC