- From: Emily Stark <notifications@github.com>
- Date: Wed, 20 Mar 2019 18:30:13 +0000 (UTC)
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 20 March 2019 18:30:52 UTC
estark37 commented on this pull request. > @@ -2476,39 +2476,83 @@ background information. [[!HTML]] <h3 id=url-rendering>URL rendering</h3> <!-- See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27641 for context --> -<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> -form, with these modifications: +<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> form, with +modifications described below when the primary purpose of displaying a URL is to have the user make +a security decision (e.g., users are expected to make trust decisions based on a URL rendered in the +browser address bar). + +<h4 id=url-rendering-simplification>Simplify non-human-readable or irrelevant components</h4> + +<p>Remove components that may provide opportunities for spoofing or distract from security-relevant +information: <ul class=brief> Done -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/434#discussion_r267486606
Received on Wednesday, 20 March 2019 18:30:52 UTC