
Re: Blank blocked-uris

From: Mike West <mkwst@google.com>
Date: Mon, 18 Mar 2013 11:27:10 +0100
Message-ID: <CAKXHy=c3qDHrkVZnM-mW7eaNbYBYAwEVCh4o15F-DN8iaDibyA@mail.gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: "Hill, Brad" <bhill@paypal-inc.com>, Neil Matatall <neilm@twitter.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

I've made this change as Björn suggested:
https://dvcs.w3.org/hg/content-security-policy/rev/289e147479bc

Thanks!

-mike

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91


On Mon, Feb 11, 2013 at 9:25 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> * Hill, Brad wrote:
> >Perhaps "if the URL does not contain an authority component" is the
> >correct language,  from http://tools.ietf.org/html/rfc3986#section-3.1 ?
>
> That says something about instances, while the intent is to talk about
> classes; for example, `javascript://example.com/` contains an authority
> component, even though the 'javascript' scheme does not use registered
> names in its syntax. If you want a stable reference for this, you could
> say "If the Origin of the URI is (defined to be) a globally unique
> identifier ..." with reference to RFC 6454, section 4.
> --
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>
Received on Monday, 18 March 2013 10:27:58 UTC
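
The distinction drawn in the quoted reply, between a URI instance that contains an authority component and a scheme whose origin is defined to be a globally unique identifier, shown as an added example that is not part of the original thread. The scheme table `AUTHORITY_SCHEMES`, the function names and the sample URIs are assumptions made for illustration; a `null` return stands in for the globally unique identifier of RFC 6454, section 4.

```javascript
// Added example (not from the thread). AUTHORITY_SCHEMES is an assumed,
// illustrative table of schemes that use a naming authority, with default ports.
const AUTHORITY_SCHEMES = new Map([
  ["http", 80], ["https", 443], ["ws", 80], ["wss", 443], ["ftp", 21],
]);

// Generic URI regex from RFC 3986, Appendix B: [2] = scheme, [4] = authority.
const RFC3986 = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

// Instance-level test: does this particular URI carry a "//authority" part?
function hasAuthorityComponent(uri) {
  return RFC3986.exec(uri)[3] !== undefined;
}

// Class-level test modelled on RFC 6454, section 4: only schemes that use a
// naming authority yield a (scheme, host, port) triple. Everything else gets
// a globally unique identifier, represented here as null.
function originOf(uri) {
  const m = RFC3986.exec(uri);
  const scheme = (m[2] || "").toLowerCase();
  if (!AUTHORITY_SCHEMES.has(scheme) || m[4] === undefined) return null;
  // Drop userinfo, then split host from an optional port.
  const hostport = m[4].slice(m[4].lastIndexOf("@") + 1).toLowerCase();
  const pm = /^(\[[^\]]*\]|[^:]*)(?::(\d*))?$/.exec(hostport);
  if (!pm || pm[1] === "") return null;
  const port = pm[2] ? Number(pm[2]) : AUTHORITY_SCHEMES.get(scheme);
  return { scheme, host: pm[1], port };
}

// Constructed sample URIs; the javascript: one is the case from the thread.
const SAMPLES = [
  "https://Example.com/report",
  "javascript://example.com/",
  "data:text/plain,hello",
  "about:blank",
];

// Put both tests side by side so the disagreement is visible per URI.
function compare(uris) {
  return uris.map((uri) => ({
    uri,
    hasAuthority: hasAuthorityComponent(uri),
    uniqueOrigin: originOf(uri) === null,
  }));
}

console.table(compare(SAMPLES));
```

The `javascript://example.com/` row is the only one where the two tests disagree: it has an authority component, yet its origin is a globally unique identifier.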
