[html5] r6877 - [e] (0) Fix some typos or copypasta. Affected topics: HTML, Security
whatwg at whatwg.org
Fri Dec 16 12:55:38 PST 2011
Author: ianh
Date: 2011-12-16 12:55:37 -0800 (Fri, 16 Dec 2011)
New Revision: 6877
Modified:
complete.html
index
source
Log:
[e] (0) Fix some typos or copypasta.
Affected topics: HTML, Security
Modified: complete.html
===================================================================
--- complete.html 2011-12-16 20:53:39 UTC (rev 6876)
+++ complete.html 2011-12-16 20:55:37 UTC (rev 6877)
@@ -2235,7 +2235,9 @@
<li>When allowing URLs to be provided (e.g. for links), the
scheme of each URL also needs to be explicitly whitelisted, as
there are many schemes that can be abused. The most prominent
- example is "<code agents="" but="" can="" have="" historically="" implement="" implemented="" indeed="" others="" title="javascript:</code>" user=""> <!-- IE had vbscript:, Netscape had livescript:,
+ example is "<code title=javascript-protocol>javascript:</code>", but user agents
+ can implement (and indeed, have historically implemented)
+ others.</li> <!-- IE had vbscript:, Netscape had livescript:,
etc. -->
<li>Allowing a <code><a href=#the-base-element>base</a></code> element to be inserted means any
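Review bot: On the removed line, the unterminated title value on the code start tag swallowed the rest of the sentence ("but user agents can implement ... others") into empty attributes, so the rendered advice on whitelisting URL schemes lost both its text and its closing </li>. HTML parsers recover from this silently, so a markup validation pass over complete.html before commit would catch this class of error. It is also worth checking that the title=javascript-protocol target added here resolves to an existing definition.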
@@ -2243,7 +2245,7 @@
be hijacked, and similarly that any form submissions can get
redirected to a hostile site.</li>
- </code></ul></dd>
+ </ul></dd>
<dt>Cross-site request forgery (CSRF)</dt>
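Review bot: The stray </code> removed before </ul></dd> is consistent with the code element left open by the broken start tag in the previous hunk, so the two hunks look like one defect, yet the source diff in this commit has no counterpart for this line. Please confirm that this removal comes from regenerating the file and not from a hand edit that the next build would undo.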
Modified: index
===================================================================
--- index 2011-12-16 20:53:39 UTC (rev 6876)
+++ index 2011-12-16 20:55:37 UTC (rev 6877)
@@ -2235,7 +2235,9 @@
<li>When allowing URLs to be provided (e.g. for links), the
scheme of each URL also needs to be explicitly whitelisted, as
there are many schemes that can be abused. The most prominent
- example is "<code agents="" but="" can="" have="" historically="" implement="" implemented="" indeed="" others="" title="javascript:</code>" user=""> <!-- IE had vbscript:, Netscape had livescript:,
+ example is "<code title=javascript-protocol>javascript:</code>", but user agents
+ can implement (and indeed, have historically implemented)
+ others.</li> <!-- IE had vbscript:, Netscape had livescript:,
etc. -->
<li>Allowing a <code><a href=#the-base-element>base</a></code> element to be inserted means any
@@ -2243,7 +2245,7 @@
be hijacked, and similarly that any form submissions can get
redirected to a hostile site.</li>
- </code></ul></dd>
+ </ul></dd>
<dt>Cross-site request forgery (CSRF)</dt>
Modified: source
===================================================================
--- source 2011-12-16 20:53:39 UTC (rev 6876)
+++ source 2011-12-16 20:55:37 UTC (rev 6877)
@@ -1064,8 +1064,9 @@
<li>When allowing URLs to be provided (e.g. for links), the
scheme of each URL also needs to be explicitly whitelisted, as
there are many schemes that can be abused. The most prominent
- example is "<code title="javascript:</code>", but user agents can
- implement (and indeed, have historically implemented)
+ example is "<code
+ title="javascript-protocol">javascript:</code>", but user agents
+ can implement (and indeed, have historically implemented)
others.</li> <!-- IE had vbscript:, Netscape had livescript:,
etc. -->
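Review bot: The only concrete examples of other abusable schemes, vbscript: and livescript:, sit in the HTML comment after </li> on the unchanged context lines, so readers of the rendered text see "others" with nothing named. Consider moving at least one of them into the sentence, so the reason for explicitly whitelisting schemes is visible to authors and not only to people reading the source.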