[html5] r6985 - [e] (0) Loosen this requirement a bit to be more realistic. Affected topics: DOM [...]

whatwg at whatwg.org whatwg at whatwg.org
Thu Feb 9 15:13:03 PST 2012


Author: ianh
Date: 2012-02-09 15:13:01 -0800 (Thu, 09 Feb 2012)
New Revision: 6985

Modified:
   complete.html
   index
   source
Log:
[e] (0) Loosen this requirement a bit to be more realistic.
Affected topics: DOM APIs, Security

Modified: complete.html
===================================================================
--- complete.html	2012-02-09 01:57:54 UTC (rev 6984)
+++ complete.html	2012-02-09 23:13:01 UTC (rev 6985)
@@ -70509,8 +70509,9 @@
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 
   <p><strong>Leaking credentials.</strong> User agents must never send

Modified: index
===================================================================
--- index	2012-02-09 01:57:54 UTC (rev 6984)
+++ index	2012-02-09 23:13:01 UTC (rev 6985)
@@ -70509,8 +70509,9 @@
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 
   <p><strong>Leaking credentials.</strong> User agents must never send

Modified: source
===================================================================
--- source	2012-02-09 01:57:54 UTC (rev 6984)
+++ source	2012-02-09 23:13:01 UTC (rev 6985)
@@ -82401,8 +82401,9 @@
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code
   title="http-referer">Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 




More information about the Commit-Watchers mailing list