HTMLObjectElement.codeBase is a DOMString but reflects as URL

[TimothyGu]

The obsolete HTMLObjectElement.codeBase attribute is defined to reflect the codebase content attribute, which is to be treated as a URL. However, reflection for URLs is only defined for USVString attributes. Here, codeBase is a DOMString.

At a minimum, we should allow URL reflection to work with DOMString, as that's what Firefox and Chrome allow. A possible further step may be to just make all the URL-reflected strings DOMStrings: that's what seems to happen in Firefox anyway. (Chrome sometimes uses USVString, sometimes DOMString.)

[domenic]

I'd rather just update codebase to USVString, and beef up the tests and file bugs to try to get everyone aligned there? Allowing unpaired surrogates in URLs is just... bad...

[annevk]

Running

<!DOCTYPE html>
...<script>
x = document.createElement("object");
x.codeBase = "\uD800test\uFFFD";
w(x.codeBase)
</script>

in https://software.hixie.ch/utilities/js/live-dom-viewer/ shows that Firefox at least does something indistinguishable from USVString. Didn't check other browsers.

Likely for the other URL cases DOMString in IDL is not observable, so changing to DOMString would mainly lose some clarity and require us to do conversion elsewhere as the URL parser wants a scalar value string.

[TimothyGu]

A better test here would probably be x.getAttribute("codebase"). If it appears normalized then we know that the attribute is a USVString. I assume the URL parser does require a scalar value string, so going through the getter (which uses the URL parser) isn’t super instructive. And indeed in Chrome, getAttribute returns the original unpaired surrogate. (Haven’t tested other browsers.)

[annevk]

Ah right, because the setter uses the given value for the attribute set. So yeah, there is a mismatch there.