In particular, UnsafelyCreateOriginWithoutNormalization, CreateFromNormalizedTupleWithSuborigin, and eventually the nonce (once https://chromium-review.googlesource.com/c/chromium/src/+/745986 is LGed and lands) should not be exposed outside of url.