
I recently started to fork webkit to make it a Webview with a reduced attack surface. [2]

The most interesting part was the Quirks.cpp file [1] that contains literally randomized css classnames inside the web browser code because a major website was so shitty and spec violating in their implementations.

I mean, fixing a website in a browser source code...this shit got out of hand real quick yo.

The problem with all those drafts is that Google keeps doing their own thing, and others are forced to try to catch up or implement the same bugs/quirks that Chromium does. Everything is rushed so QUICly that even Microsoft gave up at some point. And at some point in the past Google realized that they can own the web if they own the browser. And that's what they effectively do now, because the competition isn't really a competition at all anymore.

[1] https://github.com/WebKit/WebKit/blob/main/Source/WebCore/pa...

[2] https://github.com/tholian-network/retrokit




I thought you were kidding about Quirks.cpp, but it is indeed true. I can imagine a few nightmarish scenarios where a quirk that was originally a fix becomes a bug when a company decides to alter its website. Worse still, the new code will probably work perfectly in a test environment, and then fail when you deploy to your actual domain. Some developer somewhere will be tearing their hair out trying to understand what the heck is going on...


    m_hasBrokenEncryptedMediaAPISupportQuirk = domain == "starz.com" || domain.endsWith(".starz.com") || domain == "youtube.com" || domain.endsWith(".youtube.com") || domain == "hulu.com" || domain.endsWith("hulu.com");

Wow I thought you were kidding.


It gets worse if you search for "microsoft.com" [1] or "bbc.co.uk" in the codebase. They literally grant cross domain storage access because Microsoft's login workflow is broken in regards to CORS headers.

I mean, imagine a developer trying to fix their code behaving completely different on iOS and they cannot have a single clue why that is the case.

Additionally, WebKit is released very late to the public (sometimes even after fixes have been rolled out to iOS)...and before that nobody from the outside can even know what's going on.

From a maintainability point of view things like this should be - in worst case - a Web Extension, but definitely not be inside a Browser source codebase.

YouTube is even worse once you dig through the Apple internal plugin replacement, which effectively implements a native C++ decoder for YouTube streams on iOS because otherwise you could not watch videos there. This was done before as a WebCore plugin but has been moved around into the PluginProcess source-code wise over the last two months (and currently blocks me from merging in changes, so I have to backport fixes after I removed all legacy plugin APIs).

[1] https://github.com/WebKit/WebKit/search?q=microsoft.com


> quirks.cpp

this is also why video card drivers are so huge; the fixes to games are made at the driver level. this kind of thing happens a lot.


Are there details about this? I've read that nvidia drivers would actually patch game code by replacing functions at runtime.


Both ATI/AMD and nVidia use all kinds of tricks to outcompete each other since gamers only look at the fps count. That means driver optimization for specific games, even dropping fidelity a bit when that means more fps. Also, nVidia has teams that take over engine code to 'help' software devs make the most of their hardware, which gives them an opportunity to push specific approaches that don't work as well on their competitors' cards.


"Nvidia Gimpworks" - it isn't said in the video, but: while these techniques are slow on nVidia, they are even slower on AMD. Especially gratuitous tessellation. https://youtu.be/AUO3LEjWsw0


If a triple A video game comes out there is always a game ready driver that is released at the same time and date of release.


You would think that they would have at least made it into a configuration file, instead of literally hard coding rules for specific website domains directly in the browser rendering engine C++ code?


But why would they make it a config file, when they can just add it to the code?

Config files are like code, but even more shit. You never get the full set of functionality that you get with code, the compiler doesn't check your work, code navigation can't help you, and there's no debugger.


Whew, you need to try some Dhall then. Types, functions, imports all in a non-Turing-complete configuration language.


It sounds kind of funny to say “this should be in a config, not in code, but here’s a config language that lets you code your config”.

Regardless, I don’t think Dhall was around at the time Quirks.cpp was created.

Funny story, my first exposure to ruby was using it to write ant (or was it maven) config files (EJB nightmares) because the XML config sucked pretty bad (around Rails 1.0 era). It was far more concise and easy to work with, being an actual language and English readable, but I was never sure it was a good idea in a large team environment. If Java hadn’t been so cumbersome I would have used it for config as well instead of the hot garbage XML config was (is still?). I’ve seen a bajillion attempts at config languages since then. Most not great.


A lot of times 2 variables and a `map` function is all I wanted and the config would have been pleasant. Getting type errors in my editor and being able to extend record defaults was the cherry on top.


this looks like a bug? [0]

    || domain.endsWith("hulu.com");
should be ".hulu.com", since anyone can register a <*>hulu.com

[0] https://github.com/WebKit/WebKit/blob/ce237483d034e41eff8cc5...
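The suffix problem in the quoted line (and the "why not a config table" point raised earlier in the thread) can be shown side by side. This is an added example, not WebKit code: it assumes the host string is already lower-cased (as a browser would do before matching), and the domain table below is constructed here from the three domains in the quoted `m_hasBrokenEncryptedMediaAPISupportQuirk` line.

```cpp
// Added example (not WebKit code): a bare suffix check like the one quoted
// from Quirks.cpp versus a label-aware domain match, plus a table-driven
// form of the same quirk list. Assumes hosts are already lower-cased.
#include <cstdio>
#include <string>
#include <vector>

// Reproduces the shape of the quoted check: a bare suffix test.
// Matches "hulu.com" and "www.hulu.com", but also "cthulu.com".
bool endsWithSuffixOnly(const std::string& host, const std::string& suffix)
{
    return host.size() >= suffix.size()
        && host.compare(host.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Label-aware check: the host must equal the domain, or end with "." + domain,
// so the match can only begin at a label boundary. Rejects "cthulu.com" and
// also "hulu.com.evil.example", where the real registrable domain is elsewhere.
bool isDomainOrSubdomain(const std::string& host, const std::string& domain)
{
    if (host == domain)
        return true;
    const std::string dotted = "." + domain;
    return host.size() > dotted.size()
        && host.compare(host.size() - dotted.size(), dotted.size(), dotted) == 0;
}

// Hypothetical table-driven form of the quirk list. The domains are the ones
// in the quoted Quirks.cpp line; keeping them in one table means every entry
// goes through the same (correct) matcher instead of hand-written suffix tests.
const std::vector<std::string> kBrokenEncryptedMediaDomains = {
    "starz.com", "youtube.com", "hulu.com"
};

bool hasBrokenEncryptedMediaQuirk(const std::string& host)
{
    for (const auto& domain : kBrokenEncryptedMediaDomains) {
        if (isDomainOrSubdomain(host, domain))
            return true;
    }
    return false;
}

int main()
{
    // Constructed sample hosts, including the look-alike from the thread.
    const char* hosts[] = { "hulu.com", "www.hulu.com", "cthulu.com", "hulu.com.evil.example" };
    for (const char* h : hosts) {
        std::printf("%-24s suffix-only=%d  label-aware=%d\n", h,
                    endsWithSuffixOnly(h, "hulu.com") ? 1 : 0,
                    hasBrokenEncryptedMediaQuirk(h) ? 1 : 0);
    }
    return 0;
}
```

The label-aware matcher is the behaviour the other five comparisons in the quoted line already encode (`domain == X || domain.endsWith(".X")`); the table simply removes the chance of one entry being written differently from the rest.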


Whoever owns cthulu.com may be wondering why browsers behave weirdly only on their production servers.


That is odd. Yet a strict check against “hulu.com” is also included, and YouTube is checked for “.youtube.com” and “youtube.com”. Perhaps this fix was to prevent malicious behavior, so they included anyone who might be phishing or abusing the API in some way? I think someone would have to dig into the quirk itself to find out more.



Note that this is very likely due to ever-changing CDN domain names. If they spawn servers on demand, they're probably as messed up as googlevideo.com (which also uses hashed subdomain names).


Microsoft took a somewhat similar approach with their “Super Duper Secure Mode” in Edge. It disables the JIT in the V8 JavaScript engine to reduce the attack area of the browser:

https://microsoftedge.github.io/edgevr/posts/Super-Duper-Sec...


    // FIXME: Remove after the site is fixed, <rdar://problem/75792913>
    bool Quirks::shouldHideSearchFieldResultsButton() const
    {
        if (topPrivatelyControlledDomain(m_document->topDocument().url().host().toString()).startsWith("google."))
            return true;

I suppose it wasn't fixed...


That was a good read! Thanks for the links.



