- From: Domenic Denicola <notifications@github.com>
- Date: Tue, 19 Mar 2019 14:02:50 +0000 (UTC)
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 19 March 2019 14:03:35 UTC
domenic commented on this pull request. > @@ -2476,39 +2476,83 @@ background information. [[!HTML]] <h3 id=url-rendering>URL rendering</h3> <!-- See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27641 for context --> -<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> -form, with these modifications: +<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> form, with +modifications described below when the primary purpose of displaying a URL is to have the user make +a security decision (e.g., users are expected to make trust decisions based on a URL rendered in the +browser address bar). + +<h4 id=url-rendering-simplification>Simplify non-human-readable or irrelevant components</h4> + +<p>Remove components that may provide opportunities for spoofing or distract from security-relevant +information: <ul class=brief> Removing the `class=brief` from these `<ul>`s would make the result much prettier, I expect. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/434#pullrequestreview-216173998
Received on Tuesday, 19 March 2019 14:03:35 UTC