- From: poot <cvsmail@w3.org>
- Date: Thu, 16 Oct 2008 09:57:23 +0900 (JST)
- To: public-html-diffs@w3.org
there's a security risk if we allow pages in one domain to fallback to
pages in another domain. (whatwg r2342)
5.7.3.3 Parsing cache manifests
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1515.html#parsing-cache-manifests
http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.1514&r2=1.1515&f=h
http://html5.org/tools/web-apps-tracker?from=2341&to=2342
===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1514
retrieving revision 1.1515
diff -u -d -r1.1514 -r1.1515
--- Overview.html 16 Oct 2008 00:53:24 -0000 1.1514
+++ Overview.html 16 Oct 2008 00:54:33 -0000 1.1515
@@ -27676,14 +27676,10 @@
<p>If either fails, then jump back to the step labeled "start of
line".</p>
- <p>If the <a href=#absolute-url>absolute URL</a> corresponding to <var title="">part one</var> does not have the <a href=#same-origin>same
- origin</a> as the manifest's URL, then jump back to the step
- labeled "start of line".</p> <!-- SECURITY -->
-
- <p>If the resulting <a href=#absolute-url>absolute URL</a> for <var title="">part two</var> has a different <a href=#url-scheme title=url-scheme><scheme></a> component than the
- manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
- case-insensitive</a> manner), then jump back to the step
- labeled "start of line".</p>
+ <p>If the <a href=#absolute-url>absolute URL</a> corresponding to either <var title="">part one</var> or <var title="">part two</var> does not
+ have the <a href=#same-origin>same origin</a> as the manifest's URL, then
+ jump back to the step labeled "start of line".</p> <!-- SECURITY
+ -->
<p>Drop any the <a href=#url-fragment title=url-fragment><fragment></a> components of the
resulting <a href=#absolute-url title="absolute URL">absolute URLs</a>.</p>
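Review bot: The added paragraph extends the same-origin requirement to part two, but the rationale lives only in the commit message (a page in one domain falling back to a page in another); the spec text carries just the <!-- SECURITY --> marker, which is now wrapped across two lines. Suggest keeping the marker on one line so it stays greppable, and adding a short informative note beside the step that says why a fallback target must share the manifest's origin. The removed scheme comparison for part two is subsumed by the new test, since scheme is one component of origin alongside host and port, so no check is lost by deleting that paragraph. Separately, the unchanged context line that follows reads "Drop any the", which looks like a leftover word worth fixing while this step is being edited.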
Received on Thursday, 16 October 2008 00:57:59 UTC