Re: [whatwg/url] Malformed URL Normalization in Standard Introduces SSRF Risks (Issue #893)

the-moisrex left a comment (whatwg/url#893)

Having a few more non-failure validation errors (let's call them warnings at least in the standard), would definitely help.

My implementation has options, and with that, I'm able to have a strict mode like this. Though the options are nowhere near what a real strict mode should be, and having the specs tell us more of these pitfalls would be better for us implementers.

<img width="536" height="435" alt="Image" src="https://github.com/user-attachments/assets/e5d2f8e3-6c1f-44ec-ac31-0fdc90bff052" />

URL is painfully permissive and horribly complex to implement from scratch. Even having the credentials, without even giving the parsers URLs that have userinfo, causes performance problems, since we first have to check if the authority contains any '@' and then check again if not.

Simply disabling userinfo gives the implementers a chance to do better performance-wise.

My point is, having options, even pre-decided packed ones, still gives more security AND performance.

I suggest formalizing more warning-style validation errors for each one of the problems I mentioned previously.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/893#issuecomment-3707933723

Message ID: <whatwg/url/issues/893/3707933723@github.com>

Received on Sunday, 4 January 2026 10:06:06 UTC
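The two costs the comment above describes (scanning the authority for '@' before anything else can be parsed, and the lack of warning-style validation errors) can be shown in a few lines. The following is an added example written for this page; it is not the-moisrex's parser and not the WHATWG reference implementation. It assumes the caller has already isolated the authority string (no scheme, path, query or fragment), and the `allow_userinfo=False` branch is a hypothetical strict mode, not anything the standard defines.

```python
# Added example: a minimal authority parser with a permissive mode that records
# warnings and a hypothetical strict mode that refuses userinfo outright.
from dataclasses import dataclass, field
from typing import List, Optional


class URLValidationError(ValueError):
    """A failure validation error: the authority is rejected."""


@dataclass
class Authority:
    userinfo: Optional[str]
    host: str
    port: Optional[int]
    warnings: List[str] = field(default_factory=list)  # non-failure validation errors


def parse_authority(authority: str, allow_userinfo: bool = True) -> Authority:
    """Split an already-isolated authority string into userinfo, host and port.

    allow_userinfo=True  mirrors the permissive behaviour: the last '@' separates
                         userinfo from host (earlier '@' belong to userinfo), and
                         the presence of userinfo is recorded as a warning.
    allow_userinfo=False is a hypothetical strict mode: any '@' is fatal, so the
                         parser never has to locate the userinfo/host boundary.
    """
    warnings: List[str] = []
    userinfo: Optional[str] = None

    if allow_userinfo:
        # Permissive: scan for the last '@' before the host can be parsed at all.
        at = authority.rfind("@")
        if at != -1:
            userinfo = authority[:at]
            hostport = authority[at + 1:]
            warnings.append("userinfo present in authority")
        else:
            hostport = authority
    else:
        # Strict: one membership test, no boundary search.
        if "@" in authority:
            raise URLValidationError("userinfo is not allowed in strict mode")
        hostport = authority

    # Separate host from port, keeping an IPv6 literal such as "[::1]" intact.
    if hostport.startswith("["):
        close = hostport.find("]")
        if close == -1:
            raise URLValidationError("unterminated IPv6 literal")
        host, rest = hostport[: close + 1], hostport[close + 1:]
        if rest and not rest.startswith(":"):
            raise URLValidationError("unexpected characters after IPv6 literal")
    else:
        host, sep, port_text = hostport.partition(":")
        rest = sep + port_text

    if not host:
        raise URLValidationError("empty host")

    port: Optional[int] = None
    if rest == ":":
        warnings.append("empty port")  # tolerated, but worth reporting
    elif rest:
        port_text = rest[1:]
        if not (port_text.isascii() and port_text.isdigit()):
            raise URLValidationError("port is not numeric")
        port = int(port_text)
        if port > 65535:
            raise URLValidationError("port out of range")

    return Authority(userinfo, host, port, warnings)


def accepts(authority: str, allow_userinfo: bool = True) -> bool:
    """True if the authority parses without a failure validation error."""
    try:
        parse_authority(authority, allow_userinfo)
        return True
    except URLValidationError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["user:pw@example.com:8080", "a@b@c", "[::1]:443", "example.com:"]:
        print(sample, "->", parse_authority(sample))
    print("strict rejects userinfo:", not accepts("user@example.com", allow_userinfo=False))
```

Nothing above changes what the permissive path accepts; it only surfaces the userinfo and empty-port cases as warnings, which is the kind of non-failure validation error the comment asks the standard to name. The strict branch shows the performance point: with userinfo disabled, the parser does a single containment check instead of locating the boundary and re-reading the remainder.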