- From: David Bokan <notifications@github.com>
- Date: Thu, 10 Oct 2019 11:24:56 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 10 October 2019 18:24:58 UTC
The text directive [isn't invoked on same-document navigations](https://github.com/WICG/ScrollToTextFragment#security) so I think the fact it wouldn't affect setting `location.hash` would work (at least for our case of text fragments, maybe it's limiting for future use cases?). We intentionally want to hide the specified text from page script; even the destination origin shouldn't be able to tell what you've come searching for as that could leak privacy sensitive information. So I think affecting `document.URL` (by removing the directive from it) is desirable. There's some compat risk to this but we've done quite a bit of investigation here, both with Chrome telemetry and scraping the Google search crawler, and feel reasonably confident that this won't affect any sites in the wild (hence the odd-looking choice of `:~:`). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/445#issuecomment-540712000
Received on Thursday, 10 October 2019 18:24:58 UTC