Re: [whatwg/url] Restructure URL rendering section and add additional guidance (#434)

estark37 commented on this pull request.



>  
-<ul class=brief>
- <li><p>A <a for=/>URL</a>'s <a for=url>username</a> and <a for=url>password</a> should
- not be rendered as they can be mistaken for a <a for=/>URL</a>'s <a for=url>host</a>.
- E.g., consider <code>https://examplecorp.com@attacker.example/</code>.
+<h4 id=url-rendering-simplification>Simplify non-human-readable or irrelevant components</h4>
+
+<p>Remove components that may provide opportunities for spoofing or distract from security-relevant
+information:
+
+<ul>
+ <li><p>Browsers are encouraged to only render a URL’s <a for=url>host</a> in places where it is

Done

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/pull/434#discussion_r267620430

Received on Thursday, 21 March 2019 04:02:15 UTC