[Bug 24026] Document that URLs (destinationURL) should/may be validated and/or normalized from bugzilla@jessica.w3.org on 2013-12-13 (public-html-bugzilla@w3.org from December 2013)

From: <bugzilla@jessica.w3.org>
Date: Fri, 13 Dec 2013 00:22:02 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-24026-2486-MlW9fePq4X@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=24026

Adrian Bateman [MSFT] <adrianba@microsoft.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |adrianba@microsoft.com

--- Comment #2 from Adrian Bateman [MSFT] <adrianba@microsoft.com> ---
This is mostly driven from security considerations. We don't want to pass
around strings purporting to contain URLs without checking them.

I propose that we explicitly allow UAs to cleanse (validate/normalize) URLs and
that we add a note to the security considerations reminding implementers that
these URLs should also be treated as untrusted.

Assigning to David.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 13 December 2013 00:22:04 UTC