[html5] r2342 - [gwr] (2) there's a security risk if we allow pages in one domain to fallback to [...]

whatwg at whatwg.org whatwg at whatwg.org
Wed Oct 15 17:54:30 PDT 2008 

Author: ianh
Date: 2008-10-15 17:54:29 -0700 (Wed, 15 Oct 2008)
New Revision: 2342

Modified:
   index
   source
Log:
[gwr] (2) there's a security risk if we allow pages in one domain to fallback to pages in another domain.

Modified: index
===================================================================
--- index	2008-10-16 00:53:19 UTC (rev 2341)
+++ index	2008-10-16 00:54:29 UTC (rev 2342)
@@ -34244,15 +34244,11 @@
       <p>If either fails, then jump back to the step labeled "start of
       line".</p>
 
-      <p>If the <a href=#absolute-url>absolute URL</a> corresponding to <var title="">part one</var> does not have the <a href=#same-origin>same
-      origin</a> as the manifest's URL, then jump back to the step
-      labeled "start of line".</p> <!-- SECURITY -->
+      <p>If the <a href=#absolute-url>absolute URL</a> corresponding to either <var title="">part one</var> or <var title="">part two</var> does not
+      have the <a href=#same-origin>same origin</a> as the manifest's URL, then
+      jump back to the step labeled "start of line".</p> <!-- SECURITY
+      -->
 
-      <p>If the resulting <a href=#absolute-url>absolute URL</a> for <var title="">part two</var> has a different <a href=#url-scheme title=url-scheme><scheme></a> component than the
-      manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
-      case-insensitive</a> manner), then jump back to the step
-      labeled "start of line".</p>
-
       <p>Drop any the <a href=#url-fragment title=url-fragment><fragment></a> components of the
       resulting <a href=#absolute-url title="absolute URL">absolute URLs</a>.</p>
 

Modified: source
===================================================================
--- source	2008-10-16 00:53:19 UTC (rev 2341)
+++ source	2008-10-16 00:54:29 UTC (rev 2342)
@@ -38867,18 +38867,12 @@
       <p>If either fails, then jump back to the step labeled "start of
       line".</p>
 
-      <p>If the <span>absolute URL</span> corresponding to <var
-      title="">part one</var> does not have the <span>same
-      origin</span> as the manifest's URL, then jump back to the step
-      labeled "start of line".</p> <!-- SECURITY -->
+      <p>If the <span>absolute URL</span> corresponding to either <var
+      title="">part one</var> or <var title="">part two</var> does not
+      have the <span>same origin</span> as the manifest's URL, then
+      jump back to the step labeled "start of line".</p> <!-- SECURITY
+      -->
 
-      <p>If the resulting <span>absolute URL</span> for <var
-      title="">part two</var> has a different <span
-      title="url-scheme"><scheme></span> component than the
-      manifest's URL (compared in an <span>ASCII
-      case-insensitive</span> manner), then jump back to the step
-      labeled "start of line".</p>
-
       <p>Drop any the <span
       title="url-fragment"><fragment></span> components of the
       resulting <span title="absolute URL">absolute URLs</span>.</p>

More information about the Commit-Watchers mailing list