Bug 229490

Summary: Invalid URL are treated as valid in navigator.canShare()
Product: WebKit
Reporter: Marcos Caceres <marcos>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: achristensen, hi, thorton
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified

Marcos Caceres
Reported 2021-08-25 02:03:58 PDT
In Web Share's navigator.canShare() method, when passed:

navigator.canShare({ url: "http://a.b:65536" })

WebKit returns true via URL::isValid(). However, the port is invalid.

Alex Christensen
Comment 1 2021-08-25 09:30:25 PDT
navigator.canShare({ url: "http://a.b:65536" })
> false
(not supported in Chrome and Firefox)

new URL("http://a.b:65536")
> TypeError
new URL("http://a.b:65536")
> URL {href: "http://a.b.65535/", ...}
(Same as Chrome and Firefox.)

C++
auto url = URL(URL(), "http://a.b:65536");
WTFLogAlways("valid? %d", url.isValid());
> valid? 0

Maybe you're using WebKit that is several years old, or maybe you're looking at the wrong thing.

Marcos Caceres
Comment 2 2021-08-25 22:11:23 PDT
Sorry, yes. Seems I misread which test was failing. It was one to do with data: URLs rather:
https://wpt.fyi/results/web-share/share-url-invalid.https.html?label=experimental&label=master&aligned

I'll follow up in a different bug for that.

Alex Christensen
Comment 3 2021-08-25 22:57:32 PDT
I think the relevant sentence in the spec is this:
"If |url| is a URL the user agent deems potentially hostile (e.g., "file:") or wouldn't make sense to outside the scope of the document (e.g., "blob:"), return false."
from https://w3c.github.io/web-share/

I'm wondering why Edge and the web platform tests think that include data URLs. They make sense outside the scope of the document and it's a judgement call as to whether the user agent deems them potentially hostile.

Marcos Caceres
Comment 4 2021-08-25 23:38:06 PDT
(In reply to Alex Christensen from comment #3)
> I think the relevant sentence in the spec is this:
> "If |url| is a URL the user agent deems potentially hostile (e.g., "file:")
> or wouldn't make sense to outside the scope of the document (e.g., "blob:"),
> return false."
> from https://w3c.github.io/web-share/

Yes, I added that a few days ago - but it's a bit of a stop-gap for the reason you mention:

> I'm wondering why Edge and the web platform tests think that include data
> URLs. They make sense outside the scope of the document and it's a
> judgement call as to whether the user agent deems them potentially hostile.

I made the following proposal:
https://github.com/w3c/web-share/issues/178#issuecomment-904241285

"""
Disallow sharing to "local scheme" ("about", "blob", or "data"), file, and "javascript", and any other scheme the UA doesn't want to share (e.g., internal "moz-icon:" or whatever).

Allow sharing HTTP(S) scheme and, optionally, any of the "safe-listed schemes".

That should give us broad coverage, while allowing the UA to retain control over what's actually shared, while excluding the "bad ones".
"""

"safe-listed schemes" are:
https://html.spec.whatwg.org/#safelisted-scheme

That's basically what I implemented in Gecko.
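
Added example (not part of the bug thread and not WebKit or Gecko code): a JavaScript sketch of the scheme policy proposed in comment 4, with unparsable URLs such as the out-of-range port from the original report rejected first. The function name, the result shape and the `allowSafelisted` option are assumptions, and the safelisted set is an illustrative subset of the list at the HTML spec link above.

```javascript
// Schemes the proposal in comment 4 excludes: "local schemes" plus file and javascript.
const BLOCKED_SCHEMES = new Set(["about", "blob", "data", "file", "javascript"]);

// Illustrative subset only; the authoritative list is the HTML spec's
// "safelisted scheme" definition linked in comment 4.
const SAFELISTED_SUBSET = new Set(["mailto", "tel", "sms", "geo", "magnet", "xmpp"]);

// Hypothetical helper: decide whether a url member would be shareable.
// baseURL stands in for the document base URL used to resolve relative input.
function classifyShareUrl(input, baseURL, { allowSafelisted = false } = {}) {
  let url;
  try {
    // The URL parser rejects out-of-range ports (e.g. :65536) with a TypeError.
    url = new URL(input, baseURL);
  } catch (err) {
    return { shareable: false, reason: "parse-failure" };
  }

  // url.protocol includes the trailing colon; strip it to get the scheme.
  const scheme = url.protocol.slice(0, -1);

  if (BLOCKED_SCHEMES.has(scheme)) {
    return { shareable: false, reason: "blocked-scheme", scheme };
  }
  if (scheme === "http" || scheme === "https") {
    return { shareable: true, reason: "http-family", scheme };
  }
  if (allowSafelisted && SAFELISTED_SUBSET.has(scheme)) {
    return { shareable: true, reason: "safelisted-scheme", scheme };
  }
  // Default deny: anything not explicitly allowed stays unshared.
  return { shareable: false, reason: "unlisted-scheme", scheme };
}

// Constructed sample inputs, not taken from the web-platform-tests file.
const SAMPLES = [
  "http://a.b:65536",
  "https://example.com/page",
  "data:text/plain,hello",
  "blob:https://example.com/0000",
  "file:///tmp/x",
  "mailto:user@example.com",
];

function auditSamples(options) {
  return SAMPLES.map((s) => [s, classifyShareUrl(s, undefined, options)]);
}
```

The default-deny branch keeps internal or unknown schemes out without listing each one, which matches the proposal's "any other scheme the UA doesn't want to share".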