### What is the issue with the HTML Standard? I think it should not be possible to execute arbitrary JavaScript code using `navigation.navigate("javascript:alert(1)")`. While this matches the behavior of e.g. `window.location = "alert(1)"`, I believe doing so is unnecessary for a new API. I don’t think there have been a lot of new script execution sinks added recently, the last one that comes to my mind is `setHTMLUnsafe`, which is pretty explicit. If we want to encourage developers to switch from older APIs like `location.href` to newer ones like `navigation.navigate` we should reward them with also being safer. I would also like to point out that we recently removed javascript: protocol support for the \<object\>/\<embed\> elements from Firefox (as per specification), while it’s still supported for \<iframe\>. This is maybe not the best example, but shows that we don’t support javascript: protocol everywhere it would be possible to do so. When following the HTML specification for `navigation.navigate` for the javascript: protocol, you quickly reach [7.4.2.3.2 The javascript: URL special case](https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate-to-a-javascript:-url), with this fun note at the beginning: > javascript: URLs have a dedicated label on the issue tracker documenting various problems with their specification. I am convinced that **not** supporting the javascript: protocol is actually the more useful behavior and we should change the specification before other browsers ship this API. I hope the Chrome folks would consider deprecating this in their shipping implementation as well.