Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:126948
Date: Tue, 25 Mar 2025 16:53:08 -0700 (PDT)
To: =?UTF-8?Q?M=C3=A1t=C3=A9_Kocsis?= <kocsismate90@gmail.com>
Cc: Internals <internals@lists.php.net>
Subject: Re: [PHP-DEV] [RFC] [Discussion] Add WHATWG compliant URL parsing API
Message-ID: <70BF6861-883A-4B69-9AF4-2EE9031B1922@automattic.com>
In-Reply-To: <A0229B50-4238-4C1F-8339-D0552813FF69@automattic.com>
References: <CAH5C8xUb1O20ZDrOQNC=ckFxHUUWSK7sw_njQQzFBd0qgQqoww@mail.gmail.com>
	<dd61999c-1ebd-4765-9add-cd8065968965@gmail.com>
	<CAOV5rgYZ_s1of-igLFEK7oqqh6=3HeYv0=JvvKvvjkcp0F6Q9Q@mail.gmail.com>
	<CAH5C8xV67frqOBCvLt73RM7QO86_pu40sHP5h71_kDRbKPtA8Q@mail.gmail.com>
	<1BCB4144-231D-45EA-A914-98EE8F0F503A@automattic.com>
	<8E614C9C-BA85-45D8-9A4E-A30D69981C5D@automattic.com>
	<CAH5C8xV69pHnSKWJrVB8EQab7vPhcaXAwYezoG6z3Oj7ZkXBaQ@mail.gmail.com>
	<044E7A8E-B79D-44DB-B572-102A80CDFC3C@automattic.com>
	<CAH5C8xWpquzmvtbSk6=mL4U0z=Tupv2zD+FXag+zenF7q04HUQ@mail.gmail.com>
	<CAH5C8xXeJf96ETaphZvKoX19Ssd_Uc=8jMbc4J-HuciCUF=XzA@mail.gmail.com>
	<A0229B50-4238-4C1F-8339-D0552813FF69@automattic.com>
Precedence: bulk
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=_F1FAFBD5-55B6-4D79-B789-EBC35164BCEA"
From: dennis.snell@automattic.com (Dennis Snell)


--=_F1FAFBD5-55B6-4D79-B789-EBC35164BCEA
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable










> On Mar 25, 2025, at 4:06 PM, Dennis Snell <dennis.snell@automattic.com> w=
rote:
>=20
>=20
>> On Mar 25, 2025, at 3:23 PM, M=C3=A1t=C3=A9 Kocsis <kocsismate90@gmail.c=
om> wrote:
>>=20
>>=20
>> Hi Dennis,
>>=20
>>=20
>>> I am myself also a bit lost on the countless names that I tried out in =
the implementation, but I think I had toHumanFriendlyString() and toDisplay=
FriendlyString() methods at some point. These then ended up being toString(=
) and toDisplayString() after some iterations. I would be ok with renaming =
getHost() and toString() so=C2=A0that their names suggest they don't use ID=
NA,=C2=A0but I'd clearly need a good enough=C2=A0suggestion, since neither =
"MachineFriendly", nor "NonDisplayable" sound like the best alternative for=
 me. I was also considering using getIdnaHost() and toIdnaString(), but I r=
ealized these are the worst looking names I have come up with so=C2=A0far.
>>>=20
>>>=20
>>>=20
>>=20
>> What about getPunycodeHost(), getUnicodeHost(), toPunycodeString(), toUn=
icodeString()? Or getAsciiHost() and toAsciiString() may also work. These a=
re the best names I managed to come up with so far.
>>=20
>>=20
>> In the=C2=A0meantime, I renamed RFC 3986's toString() methods too accord=
ing to another suggestion:
>> - toString() became toRawString()
>> - toNormalizedString() became toString()
>>=20
>>=20
>> The new names mirror exactly what their getter counterparts do.
>>=20
>>=20
>> M=C3=A1t=C3=A9=C2=A0
>>=20
>>=20
>=20
> Hi M=C3=A1t=C3=A9,
>=20
>=20
> I=E2=80=99ve been pondering these names for the past week and a half and =
I couldn=E2=80=99t think of anything, but at first glance I like getUnicode=
Host() and getAsciiHost(). These communicate=C2=A0a little bit the nuance, =
though they aren=E2=80=99t totally in-your-face (which in this case I wish =
there were a more obvious pair that is).
>=20
>=20
> Other pairs I was toying with but don=E2=80=99t like are:
> =C2=A0- getPrintHost() / getDataHost()
> =C2=A0- getDisplayHost() / getAPIHost()
> =C2=A0- getDisplayHost() / getEncodedHost()
> =C2=A0- getDisplayHost() / getEscapedHost()
>=20
>=20
> (the same pairs would apply to the other methods, like toDisplayString() =
/ toEncodedString())
>=20
>=20
> This seems to be taking a lot of effort and time, but thank you still for=
 engaging with it =E2=80=94 naming is hard! But it=E2=80=99s worth it.
>=20
>=20

Just for fun I have tossed this into DeepSeek-R1 671B


>=C2=A0WHATWG URLs have two representations: one for humans and one for mac=
hines. The reason for having two is that URLs may have IDNA domains which a=
re punycode encoded and there are security issues around showing that to hu=
amns. For example, if a person reads "https://xn--google.com" they may assu=
me that the domain belongs to Google, when in fact it points to "https://=
=E4=95=AE=E4=95=B5=E4=95=B6=E4=95=B1.com". You are a modern programming lan=
guage designer working on a standard library to expose a URL parser and you=
 want the interface of this library to educate developers on where to use t=
he appropriate representation. Given a URL object $u of class URL, propose =
two methods for converting that URL to a string. The name of the methods sh=
ould communicate their use, and when a developer searches for the right met=
hod to get the string form, they should not be presented with a non-prefixe=
d and prefixed pair like toString() and toHumanString(). Instead, the metho=
ds names should form a kind of symmetric pair like toEncodedString() and to=
DisplayString(). Use your knowledge of WHATWG URL nuances, browser security=
 issues, human developers making typical mistakes, and propose at least ten=
 pairs of words that could be used for returning these two different repres=
entations.


A few of the ideas that it returned which stuck out were:


=C2=A0- toDataString() / toViewString() and getDataHost() / getViewHost()
=C2=A0- toSerializedString() / toReadableString() and getSerializedHost() /=
 getReadableHost()
=C2=A0- toProcessingString() / toSafeDisplayString() and getProcessingHost(=
) / getSafeDisplayHost()


After checking in the Gecko source code, I sadly only found helper methods =
which take a URL/URI and transform them:


=C2=A0- prepareUrlForDisplay()
=C2=A0- unEscapeURIForUI()


Node seems to punt on this by providing `URL.format()` with a `{ unicode: b=
oolean }` option. These all seem to miss the mark, in my opinion, because o=
f how easy it is to assume that `toString()` or `.host` is what you=
=E2=80=99re after.


Thanks for entertaining the extra follow-up here.


Warmly,
Dennis Snell


--=_F1FAFBD5-55B6-4D79-B789-EBC35164BCEA
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w=
3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<meta charset=3D"utf-8">
<style>body{font-family:-apple-system,Helvetica,Arial,sans-serif;}blockquot=
e{margin:0;padding:0 0 0 12px;border-left:1px solid #aaa;color:#aaa;}hr.uni=
box-forward{border:0;color:#888;background-color:#888;height:1px;}</style>
</head>
<body>
<div><br></div>
<div><br></div>
<div><br></div>
<div class=3D"unibox-signature"></div>
<div><br></div>
<blockquote type=3D"cite">
<div>On Mar 25, 2025, at 4:06 PM, Dennis Snell &lt;dennis.snell@automattic.=
com&gt; wrote:</div>
<div><br></div>
<div style=3D"font-family: -apple-system, Helvetica, Arial, sans-serif;">
<blockquote type=3D"cite" style=3D"margin: 0px; padding: 0px 0px 0px 12px; =
border-left-width: 1px; border-left-style: solid; border-left-color: rgb(17=
0, 170, 170); color: rgb(170, 170, 170); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">
<div>On Mar 25, 2025, at 3:23 PM, M=C3=A1t=C3=A9 Kocsis &lt;kocsismate90@gm=
ail.com&gt; wrote:</div>
<div><br></div>
<div dir=3D"ltr" style=3D"caret-color: rgb(0, 0, 0); font-family: -webkit-s=
tandard; font-variant-caps: normal; font-weight: 400; text-decoration: none=
;">Hi Dennis,</div>
<div dir=3D"ltr" style=3D"caret-color: rgb(0, 0, 0); font-family: -webkit-s=
tandard; font-variant-caps: normal; font-weight: 400; text-decoration: none=
;"><br></div>
<div class=3D"gmail_quote gmail_quote_container" style=3D"caret-color: rgb(=
0, 0, 0); font-family: -webkit-standard; font-variant-caps: normal; font-we=
ight: 400; text-decoration: none;">
<blockquote class=3D"gmail_quote" style=3D"margin: 0px 0px 0px 0.8ex; paddi=
ng: 0px 0px 0px 1ex; border-left-width: 1px; border-left-style: solid; bord=
er-left-color: rgb(204, 204, 204); color: rgb(170, 170, 170);"><div dir=3D"=
ltr"><div class=3D"gmail_quote"><div>I am myself also a bit lost on the cou=
ntless names that I tried out in the implementation, but I think I had toHu=
manFriendlyString() and toDisplayFriendlyString() methods at some point. Th=
ese then ended up being toString() and toDisplayString() after some iterati=
ons. I would be ok with renaming getHost() and toString() so=C2=A0that thei=
r names suggest they don't use IDNA,=C2=A0but I'd clearly need a good enoug=
h=C2=A0suggestion, since neither "MachineFriendly", nor "NonDisplayable" so=
und like the best alternative for me. I was also considering using getIdnaH=
ost() and toIdnaString(), but I realized these are the worst looking names =
I have come up with so=C2=A0far.</div></div></div></blockquote>
<div><br></div>
<div>What about getPunycodeHost(), getUnicodeHost(), toPunycodeString(), to=
UnicodeString()? Or getAsciiHost() and toAsciiString() may also work. These=
 are the best names I managed to come up with so far.</div>
<div><br></div>
<div>In the=C2=A0meantime, I renamed RFC 3986's toString() methods too acco=
rding to another suggestion:</div>
<div>- toString() became toRawString()</div>
<div>- toNormalizedString() became toString()</div>
<div><br></div>
<div>The new names mirror exactly what their getter counterparts do.</div>
<div><br></div>
<div>M=C3=A1t=C3=A9=C2=A0</div>
</div>
</blockquote>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;"><br></div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">Hi M=C3=A1t=C3=A9,</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;"><br></div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">I=E2=80=99ve been pondering these names for the past week=
 and a half and I couldn=E2=80=99t think of anything, but at first glance I=
 like getUnicodeHost() and getAsciiHost(). These communicate<i>=C2=A0</i>a =
little bit the nuance, though they aren=E2=80=99t totally in-your-face (whi=
ch in this case I wish there were a more obvious pair that is).</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;"><br></div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">Other pairs I was toying with but don=E2=80=99t like are:=
</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">=C2=A0- getPrintHost() / getDataHost()</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">=C2=A0- getDisplayHost() / getAPIHost()</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">=C2=A0- getDisplayHost() / getEncodedHost()</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">=C2=A0- getDisplayHost() / getEscapedHost()</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;"><br></div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">(the same pairs would apply to the other methods, like to=
DisplayString() / toEncodedString())</div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;"><br></div>
<div style=3D"caret-color: rgb(0, 0, 0); font-family: -apple-system, Helvet=
ica, Arial, sans-serif; font-variant-caps: normal; font-weight: 400; text-d=
ecoration: none;">This seems to be taking a lot of effort and time, but tha=
nk you still for engaging with it =E2=80=94 naming is hard! But it=E2=80=99=
s worth it.</div>
</div>
</blockquote>
<div><br></div>
<div>Just for fun I have tossed this into DeepSeek-R1 671B</div>
<div><br></div>
<div>&gt;=C2=A0WHATWG URLs have two representations: one for humans and one=
 for machines. The reason for having two is that URLs may have IDNA domains=
 which are punycode encoded and there are security issues around showing th=
at to huamns. For example, if a person reads "https://xn--google.com" they =
may assume that the domain belongs to Google, when in fact it points to "ht=
tps://=E4=95=AE=E4=95=B5=E4=95=B6=E4=95=B1.com". You are a modern programmi=
ng language designer working on a standard library to expose a URL parser a=
nd you want the interface of this library to educate developers on where to=
 use the appropriate representation. Given a URL object $u of class URL, pr=
opose two methods for converting that URL to a string. The name of the meth=
ods should communicate their use, and when a developer searches for the rig=
ht method to get the string form, they should not be presented with a non-p=
refixed and prefixed pair like toString() and toHumanString(). Instead, the=
 methods names should form a kind of symmetric pair like toEncodedString() =
and toDisplayString(). Use your knowledge of WHATWG URL nuances, browser se=
curity issues, human developers making typical mistakes, and propose at lea=
st ten pairs of words that could be used for returning these two different =
representations.</div>
<div><br></div>
<div>A few of the ideas that it returned which stuck out were:</div>
<div><br></div>
<div>=C2=A0- toDataString() / toViewString() and getDataHost() / getViewHos=
t()</div>
<div>=C2=A0- toSerializedString() / toReadableString() and getSerializedHos=
t() / getReadableHost()</div>
<div>=C2=A0- toProcessingString() / toSafeDisplayString() and getProcessing=
Host() / getSafeDisplayHost()</div>
<div><br></div>
<div>After checking in the Gecko source code, I sadly only found helper met=
hods which take a URL/URI and transform them:</div>
<div><br></div>
<div>=C2=A0- prepareUrlForDisplay()</div>
<div>=C2=A0- unEscapeURIForUI()</div>
<div><br></div>
<div>Node seems to punt on this by providing `URL.format()` with a `{ unico=
de: boolean }` option. These all seem to miss the mark, in my opinion, beca=
use of how easy it is to assume that `toString()` or `.host` is what you=
=E2=80=99re after.</div>
<div><br></div>
<div>Thanks for entertaining the extra follow-up here.</div>
<div><br></div>
<div>Warmly,</div>
<div>Dennis Snell</div>
</body>
</html>
--=_F1FAFBD5-55B6-4D79-B789-EBC35164BCEA--