- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 16 Oct 2008 00:54:36 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv28432 Modified Files: Overview.html Log Message: there's a security risk if we allow pages in one domain to fallback to pages in another domain. (whatwg r2342) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.1514 retrieving revision 1.1515 diff -u -d -r1.1514 -r1.1515 --- Overview.html 16 Oct 2008 00:53:24 -0000 1.1514 +++ Overview.html 16 Oct 2008 00:54:33 -0000 1.1515 @@ -27676,14 +27676,10 @@ <p>If either fails, then jump back to the step labeled "start of line".</p> - <p>If the <a href=#absolute-url>absolute URL</a> corresponding to <var title="">part one</var> does not have the <a href=#same-origin>same - origin</a> as the manifest's URL, then jump back to the step - labeled "start of line".</p> <!-- SECURITY --> - - <p>If the resulting <a href=#absolute-url>absolute URL</a> for <var title="">part two</var> has a different <a href=#url-scheme title=url-scheme><scheme></a> component than the - manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII - case-insensitive</a> manner), then jump back to the step - labeled "start of line".</p> + <p>If the <a href=#absolute-url>absolute URL</a> corresponding to either <var title="">part one</var> or <var title="">part two</var> does not + have the <a href=#same-origin>same origin</a> as the manifest's URL, then + jump back to the step labeled "start of line".</p> <!-- SECURITY + --> <p>Drop any the <a href=#url-fragment title=url-fragment><fragment></a> components of the resulting <a href=#absolute-url title="absolute URL">absolute URLs</a>.</p>
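Review bot: The added paragraph records its rationale only as a bare `<!-- SECURITY -->` marker, and the marker is now wrapped so that the closing `-->` sits on a line of its own. The reason for the check (the log message's risk of pages in one domain falling back to pages in another) is not in the spec text, so I would add a short non-normative note after the paragraph stating why both part one and part two must be same-origin with the manifest, and keep the comment on a single line. The wording "the absolute URL corresponding to either part one or part two does not have the same origin" would also read less ambiguously as a statement that both URLs must have the same origin as the manifest's URL, with the line skipped otherwise. The replaced scheme comparison for part two is covered by the same-origin check, so dropping it looks fine.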
Received on Thursday, 16 October 2008 00:54:46 UTC