[whatwg/url] valid spoof (#624) from DR460N7 on 2021-07-20 (public-webapps-github@w3.org from July 2021)

From: DR460N7 <notifications@github.com>
Date: Tue, 20 Jul 2021 06:21:44 -0700
To: whatwg/url <url@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/url/issues/624@github.com>
<html>
<body>
<!--StartFragment--><ol style="color: rgb(0, 0, 0); font-family: &quot;Helvetica Neue&quot;, sans-serif, &quot;Droid Sans Fallback&quot;; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><li style="margin: 1em 0px;"><p style="margin: 1em 0px;">Let<span> </span><var>endpoint</var><span> </span>be<span> </span><var>settingsObject</var>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-policy-container" id="ref-for-concept-settings-object-policy-container①" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">policy container</a>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#policy-container-embedder-policy" id="ref-for-policy-container-embedder-policy①" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">embedder policy</a>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#embedder-policy-report-only-reporting-endpoint" id="ref-for-embedder-policy-report-only-reporting-endpoint" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">report only reporting endpoint</a><span> </span>if<span> </span><var>reportOnly</var><span> </span>is true and<span> </span><var>settingsObject</var>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-policy-container" id="ref-for-concept-settings-object-policy-container②" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">policy container</a>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#policy-container-embedder-policy" id="ref-for-policy-container-embedder-policy②" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">embedder policy</a>’s<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#embedder-policy-reporting-endpoint" id="ref-for-embedder-policy-reporting-endpoint" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">reporting endpoint</a><span> </span>otherwise.</p></li><li style="margin: 1em 0px;"><p style="margin: 1em 0px;">Let<span> </span><var>serializedURL</var><span> </span>be the result of<span> </span><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#serialize-a-response-url-for-reporting" id="ref-for-serialize-a-response-url-for-reporting" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">serializing a response URL for reporting</a><span> </span>with<span> </span><var>response</var>.</p></li><li style="margin: 1em 0px;"><p style="margin: 1em 0px;">Let<span> </span><var>disposition</var><span> </span>be "<code style="color: rgb(102, 102, 102); font-style: normal; font-size: inherit; font-family: monospace, &quot;Droid Sans Fallback&quot;, &quot;Helvetica Neue&quot;, sans-serif; font-variant: normal;">reporting</code>" if<span> </span><var>reportOnly</var><span> </span>is true; otherwise "<code style="color: rgb(102, 102, 102); font-style: normal; font-size: inherit; font-family: monospace, &quot;Droid Sans Fallback&quot;, &quot;Helvetica Neue&quot;, sans-serif; font-variant: normal;">enforce</code>".</p></li><li style="margin: 1em 0px;"><p style="margin: 1em 0px;">Let<span> </span><var>body</var><span> </span>be a new object containing the following properties:</p>

key | value
-- | --
"type" | "corp"
"blockedURL" | serializedURL
"destination" | destination
"disposition" | disposition

</li><li style="margin: 1em 0px;"><p style="margin: 1em 0px;"><a data-link-type="dfn" href="https://w3c.github.io/reporting/#reporting-queue" id="ref-for-reporting-queue" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">Queue</a><span> </span><var>body</var><span> </span>as the<span> </span><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#coep-report-type" id="ref-for-coep-report-type" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">"<code style="color: orangered; font-style: normal; font-size: inherit; font-family: monospace, &quot;Droid Sans Fallback&quot;, &quot;Helvetica Neue&quot;, sans-serif; font-variant: normal;">coep</code>" report type</a><span> </span>for<span> </span><var>endpoint</var><span> </span>on<span> </span><var>settingsObject</var>.<span> </span><a data-link-type="biblio" href="https://fetch.spec.whatwg.org/#biblio-reporting" style="text-decoration-color: rgba(0, 0, 0, 0.3); color: rgb(0, 0, 204);">[REPORTING]</a></p></li></ol><!--EndFragment-->
</body>
</html>

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/624
Received on Tuesday, 20 July 2021 13:21:56 UTC