- From: Domenic Denicola <notifications@github.com>
- Date: Sun, 04 Dec 2022 22:01:41 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/pull/719/review/1203889122@github.com>
@domenic approved this pull request. Mostly seems good, but a few suggestions for how it could be tighter in the face of external specs feeding bad values in to un-guarded algorithms that call the newly-guarded ones. > @@ -175,8 +175,8 @@ bytes that are not <a>ASCII bytes</a> might be insecure and is not recommended. <li><p>Return <var>output</var>. </ol> While checking call sites I noticed that https://url.spec.whatwg.org/#ref-for-string-percent-decode and https://url.spec.whatwg.org/#ref-for-string-percent-decode%E2%91%A2 link to the wrong "percent-decode". > @@ -289,8 +289,8 @@ optional boolean <var>spaceAsPlus</var> (default false), run these steps: of running <a for=string>percent-encode after encoding</a> with <a for=/>UTF-8</a>, <var>codePoint</var> as a <a for=/>string</a>, and <var>percentEncodeSet</var>. -<p>To <dfn export for=string>UTF-8 percent-encode</dfn> a <a for=/>string</a> <var>input</var> using -a <var>percentEncodeSet</var>, return the result of running +<p>To <dfn export for=string>UTF-8 percent-encode</dfn> a <a for=/>scalar value string</a> +<var>input</var> using a <var>percentEncodeSet</var>, return the result of running <a for=string>percent-encode after encoding</a> with <a for=/>UTF-8</a>, <var>input</var>, and <var>percentEncodeSet</var>. The call site at https://url.spec.whatwg.org/#ref-for-string-percent-encode-after-encoding could technically be fed a surrogate code point. Maybe it should have an assert to prevent anyone from doing that. Similarly I don't believe there's any requirement that the input to https://url.spec.whatwg.org/#ref-for-string-percent-encode-after-encoding%E2%91%A5 consist of tuples which contain scalar value strings. 
> @@ -706,8 +706,8 @@ to be distinguished. <h3 id=host-parsing>Host parsing</h3> <p>The <dfn export id=concept-host-parser lt="host parser|host parsing">host parser</dfn> takes a -string <var>input</var> with an optional boolean <var>isNotSpecial</var> (default false), and then -runs these steps: +<a>scalar value string</a> <var>input</var> with an optional boolean <var>isNotSpecial</var> +(default false), and then runs these steps: You may want to propagate this to https://html.spec.whatwg.org/#is-a-registrable-domain-suffix-of-or-is-equal-to -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/719#pullrequestreview-1203889122
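Review bot: In the UTF-8 percent-encode hunk (@@ -289,8 +289,8 @@), only the declared input type of the exported definition is narrowed; the body still hands <var>input</var> straight to "percent-encode after encoding", and the unchanged context line above it still passes "<var>codePoint</var> as a string" with no restriction. Since the definition is marked "export", consider adding an assert that <var>input</var> is a scalar value string, or a note telling callers that hold an arbitrary string to convert it (Infra's "convert" to a scalar value string) before calling.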
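Review bot: In the host parser hunk (@@ -706,8 +706,8 @@), the new link is written as <a>scalar value string</a>, while the UTF-8 percent-encode hunk in the same patch writes <a for=/>scalar value string</a>. Suggest using one form for both so the two references resolve to the same Infra term in the same way.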
Received on Monday, 5 December 2022 06:01:54 UTC
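
The precondition discussed in the review above, shown as an added example that is not part of the original message, the pull request, or the URL Standard's own text. The function names are hypothetical; the percent-encode set used is the C0 control percent-encode set, and the guard is written as a thrown error, which is an assumption about how a caller might enforce the assert.

```javascript
// True when s contains no lone surrogates, i.e. it is a scalar value string.
function isScalarValueString(s) {
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c >= 0xD800 && c <= 0xDBFF) {
      const next = s.charCodeAt(i + 1); // NaN at end of string
      if (!(next >= 0xDC00 && next <= 0xDFFF)) return false;
      i++; // skip the trail surrogate of a valid pair
    } else if (c >= 0xDC00 && c <= 0xDFFF) {
      return false; // trail surrogate with no lead before it
    }
  }
  return true;
}

// Infra "convert" to a scalar value string: lone surrogates become U+FFFD.
function toScalarValueString(s) {
  let out = "";
  for (const ch of s) { // iterates by code point; lone surrogates come alone
    const cp = ch.codePointAt(0);
    out += cp >= 0xD800 && cp <= 0xDFFF ? "\uFFFD" : ch;
  }
  return out;
}

// C0 control percent-encode set: C0 controls and everything above U+007E.
const inC0ControlSet = (byte) => byte <= 0x1F || byte > 0x7E;

// UTF-8 percent-encode with the input precondition checked, not assumed.
// Without the check, TextEncoder would silently emit U+FFFD bytes and hide
// the fact that the caller passed a string containing a lone surrogate.
function utf8PercentEncode(input, inSet = inC0ControlSet) {
  if (!isScalarValueString(input)) {
    throw new TypeError("input must be a scalar value string");
  }
  let out = "";
  for (const b of new TextEncoder().encode(input)) {
    out += inSet(b)
      ? "%" + b.toString(16).toUpperCase().padStart(2, "0")
      : String.fromCharCode(b);
  }
  return out;
}
```

A caller that cannot guarantee well-formed input calls `toScalarValueString` first, which makes the replacement of lone surrogates an explicit decision at the call site.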