- From: poot <cvsmail@w3.org>
- Date: Thu, 09 Feb 2012 18:13:21 -0500
- To: public-html-diffs@w3.org
hixie: Loosen this requirement a bit to be more realistic. (whatwg r6985) http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5578&r2=1.5579&f=h http://html5.org/tools/web-apps-tracker?from=6984&to=6985 =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.5578 retrieving revision 1.5579 diff -u -d -r1.5578 -r1.5579 --- Overview.html 9 Feb 2012 00:33:50 -0000 1.5578 +++ Overview.html 9 Feb 2012 23:13:08 -0000 1.5579 @@ -54306,8 +54306,9 @@ certain subdomains, content types, or schemes.</p> <p><strong>Leaking secure URLs.</strong> User agents should not send - HTTPS URLs to third-party sites registered as content handlers, in - the same way that user agents do not send <code title="http-referer">Referer</code> (sic) HTTP headers from secure + HTTPS URLs to third-party sites registered as content handlers + without the user's informed consent, for the same reason that user + agents sometimes avoid sending <code title="http-referer">Referer</code> (sic) HTTP headers from secure sites to third-party sites.</p> <p><strong>Leaking credentials.</strong> User agents must never send
Received on Thursday, 9 February 2012 23:13:22 UTC