Re: [whatwg/url] Restructure URL rendering section and add additional guidance (#434) from Michael[tm] Smith on 2019-03-21 (public-webapps-github@w3.org from March 2019)

From: Michael[tm] Smith <notifications@github.com>
Date: Thu, 21 Mar 2019 05:17:46 -0700
To: whatwg/url <url@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/url/pull/434/review/217200962@github.com>

sideshowbarker commented on this pull request.

Copy edits

> @@ -2476,39 +2476,84 @@ background information. [[!HTML]]
 <h3 id=url-rendering>URL rendering</h3>
 <!-- See https://www.w3.org/Bugs/Public/show_bug.cgi?id=27641 for context -->
 
-<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a>
-form, with these modifications:
+<p>A <a for=/>URL</a> should be rendered in its <a lt="URL serializer">serialized</a> form, with
+modifications described below when the primary purpose of displaying a URL is to have the user make

Adding a comma after “below” in this sentence would improve readability

>  
- <li><p>A <a for=/>URL</a>'s <a for=url>host</a> should be rendered using
- <a>domain to Unicode</a>.
+<p>Remove components that may provide opportunities for spoofing or distract from security-relevant
+information:
+
+<ul>
+ <li><p>Browsers may render only a URL’s <a for=url>host</a> in places where it is important
+ for users to distinguish between the host and other parts of the URL such as the <a
+ for=url>path</a>. Browsers may further consider rendering only the URL’s host's <a
+ for=host>registrable domain</a> to remove spoofing opportunities posed by subdomains (e.g.,

Suggest comma after “registrable domain”

>  
+<p>International domain names (IDNs), special characters, and bidirectional text should be handled
+with care to prevent spoofing:
+
+<ul>
+ <li><p>Browser should render a <a for=/>URL</a>'s <a for=url>host</a> using

Should be “Browsers” (plural), for consistency

>  
- <li><p>A <a for=/>URL</a>'s <a for=url>host</a> should be rendered using
- <a>domain to Unicode</a>.
+<p>Remove components that may provide opportunities for spoofing or distract from security-relevant

Suggest “components that can provide opportunities” (“can” instead “may”), for consistency with WHATWG style that, which avoids use of “may” in any non-normative sense.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/pull/434#pullrequestreview-217200962

Received on Thursday, 21 March 2019 12:18:09 UTC