W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

Re: Blank blocked-uris

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 11 Feb 2013 21:25:54 +0100
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: Mike West <mkwst@google.com>, Neil Matatall <neilm@twitter.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <71kih81aulgamvttc7pc3qleiclq2jkt5k@hive.bjoern.hoehrmann.de>
* Hill, Brad wrote:
>Perhaps "if the URL does not contain an authority component" is the 
>correct language,  from http://tools.ietf.org/html/rfc3986#section-3.1 ?

That says something about instances, while the intent is to talk about
classes; for example, `javascript://example.com/` contains an authority
component, even though the 'javascript' scheme does not use registered
names in its syntax. If you want a stable reference for this, you could
say "If the Origin of the URI is (defined to be) a globally unique
identifier ..." with reference to RFC 6454, section 4.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 11 February 2013 20:26:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 11 February 2013 20:26:22 GMT