- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 06 Mar 2025 00:35:00 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/issues/784/2703158966@github.com>
annevk left a comment (whatwg/url#784)
I have implemented #844 (see https://github.com/WebKit/WebKit/pull/41917) and encountered these URLs that give me pause:
- `javascript:void(top.log("iframe script #1"));` from https://github.com/web-platform-tests/wpt/blob/master/html/semantics/scripting-1/the-script-element/execution-timing/108.html
- `javascript:"%252525 ? %252525 # %252525"` from https://github.com/web-platform-tests/wpt/blob/master/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-query-fragment-components.html
- `data:text/html,<script>console.log(window.open('about:blank', 'A') ? 'FAIL' : 'PASS');</script>` from https://github.com/WebKit/WebKit/blob/main/LayoutTests/fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html
- And
```
data:text/html,
<script>
var win = window.open('about:blank', '_top');
console.log(win ? 'FAIL' : 'PASS');
</script>
```
from https://github.com/WebKit/WebKit/blob/main/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html
It still seems surmountable, however, it seems nobody on the Google side is still working on URLs as per https://issues.chromium.org/issues/400919461. 🙁
And `javascript:` URLs were excluded from the Interop efforts.
@hayatoito @domenic anyone from Google still willing to push this?
@valenting thoughts?
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/784#issuecomment-2703158966
You are receiving this because you are subscribed to this thread.
Message ID: <whatwg/url/issues/784/2703158966@github.com>
Received on Thursday, 6 March 2025 08:35:04 UTC