[html5] r6385 - [giow] (1) Prevent authors from shooting themselves in the foot here. Note that [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon Aug 8 14:02:30 PDT 2011
Author: ianh
Date: 2011-08-08 14:02:29 -0700 (Mon, 08 Aug 2011)
New Revision: 6385
Modified:
complete.html
source
Log:
[giow] (1) Prevent authors from shooting themselves in the foot here. Note that this blocks some legitimate use cases -- let me know if you think we should remove this restriction. It's easy to work around -- provide services over wss:// -- but some service providers might not bother.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=13526
Modified: complete.html
===================================================================
--- complete.html 2011-08-08 20:10:17 UTC (rev 6384)
+++ complete.html 2011-08-08 21:02:29 UTC (rev 6385)
@@ -80625,6 +80625,11 @@
<var title="">secure</var>. If this fails, throw a
<code><a href=#syntax_err>SYNTAX_ERR</a></code> exception and abort these steps. <a href=#refsWSP>[WSP]</a></li>
+ <li><p>If <var title="">secure</var> is false but the
+ <a href=#origin>origin</a> of the <a href=#entry-script>entry script</a> has a scheme
+ component that is itself a secure protocol, e.g. HTTPS, then throw
+ a <code><a href=#security_err>SECURITY_ERR</a></code> exception.</li>
+
<li>
<p>If <var title="">port</var> is a port to which the user agent
Modified: source
===================================================================
--- source 2011-08-08 20:10:17 UTC (rev 6384)
+++ source 2011-08-08 21:02:29 UTC (rev 6385)
@@ -91247,6 +91247,11 @@
<code>SYNTAX_ERR</code> exception and abort these steps. <a
href="#refsWSP">[WSP]</a></p></li>
+ <li><p>If <var title="">secure</var> is false but the
+ <span>origin</span> of the <span>entry script</span> has a scheme
+ component that is itself a secure protocol, e.g. HTTPS, then throw
+ a <code>SECURITY_ERR</code> exception.</p></li>
+
<li>
<p>If <var title="">port</var> is a port to which the user agent
More information about the Commit-Watchers
mailing list