Re: [whatwg/url] Restructure URL rendering section and add additional guidance (#434)

domenic commented on this pull request.



> @@ -2476,39 +2476,83 @@ background information. [[!HTML]]
 <h3 id=url-rendering>URL rendering</h3>
 <!-- See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27641 for context -->
 
-<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a>
-form, with these modifications:
+<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> form, with
+modifications described below when the primary purpose of displaying a URL is to have the user make
+a security decision (e.g., users are expected to make trust decisions based on a URL rendered in the
+browser address bar).
+
+<h4 id=url-rendering-simplification>Simplify non-human-readable or irrelevant components</h4>
+
+<p>Remove components that may provide opportunities for spoofing or distract from security-relevant
+information:
 
 <ul class=brief>

Removing the `class=brief` from these `<ul>`s would make the result much prettier, I expect.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/pull/434#pullrequestreview-216173998

Received on Tuesday, 19 March 2019 14:03:35 UTC