W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: referrer policy questions

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Mon, 20 Oct 2014 14:11:35 -0400
Message-ID: <54455057.4030900@mit.edu>
To: public-webappsec@w3.org
On 10/20/14, 2:03 PM, Mike West wrote:
> https://github.com/w3c/webappsec/commit/0a263697170b88524c0be685a54f16711a6a0e14

This uses the phrase "case-insensitive match" without defining what you 
mean.  That's not a great idea, since it can mean a number of different 
things in different contexts.

I suggest using 
https://html.spec.whatwg.org/multipage/infrastructure.html#ascii-case-insensitive 
here.

> Thanks, Sid! These are good suggestions (and I think they match what
> Blink/WebKit implemented).

It's worth adding testcases to verify that, esp. for the case 
insensitive bit.  For example, add tests that would match according to 
<https://html.spec.whatwg.org/multipage/infrastructure.html#compatibility-caseless> 
but not according to 
<https://html.spec.whatwg.org/multipage/infrastructure.html#ascii-case-insensitive>.

-Boris
Received on Monday, 20 October 2014 18:12:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC