W3C home > Mailing lists > Public > public-html-diffs@w3.org > February 2012

hixie: Loosen this requirement a bit to be more realistic. (whatwg r6985)

From: poot <cvsmail@w3.org>
Date: Thu, 09 Feb 2012 18:13:21 -0500
To: public-html-diffs@w3.org
Message-Id: <E1RvdB3-0007kJ-6I@jay.w3.org>
hixie: Loosen this requirement a bit to be more realistic. (whatwg
r6985)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5578&r2=1.5579&f=h
http://html5.org/tools/web-apps-tracker?from=6984&to=6985

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5578
retrieving revision 1.5579
diff -u -d -r1.5578 -r1.5579
--- Overview.html	9 Feb 2012 00:33:50 -0000	1.5578
+++ Overview.html	9 Feb 2012 23:13:08 -0000	1.5579
@@ -54306,8 +54306,9 @@
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code title="http-referer">Referer</code> (sic) HTTP headers from secure
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code title="http-referer">Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 
   <p><strong>Leaking credentials.</strong> User agents must never send
Received on Thursday, 9 February 2012 23:13:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 9 February 2012 23:13:23 GMT