[html5] r6985 - [e] (0) Loosen this requirement a bit to be more realistic. Affected topics: DOM [...]
whatwg at whatwg.org
whatwg at whatwg.org
Thu Feb 9 15:13:03 PST 2012
Author: ianh
Date: 2012-02-09 15:13:01 -0800 (Thu, 09 Feb 2012)
New Revision: 6985
Modified:
complete.html
index
source
Log:
[e] (0) Loosen this requirement a bit to be more realistic.
Affected topics: DOM APIs, Security
Modified: complete.html
===================================================================
--- complete.html 2012-02-09 01:57:54 UTC (rev 6984)
+++ complete.html 2012-02-09 23:13:01 UTC (rev 6985)
@@ -70509,8 +70509,9 @@
certain subdomains, content types, or schemes.</p>
<p><strong>Leaking secure URLs.</strong> User agents should not send
- HTTPS URLs to third-party sites registered as content handlers, in
- the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+ HTTPS URLs to third-party sites registered as content handlers
+ without the user's informed consent, for the same reason that user
+ agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
sites to third-party sites.</p>
<p><strong>Leaking credentials.</strong> User agents must never send
Modified: index
===================================================================
--- index 2012-02-09 01:57:54 UTC (rev 6984)
+++ index 2012-02-09 23:13:01 UTC (rev 6985)
@@ -70509,8 +70509,9 @@
certain subdomains, content types, or schemes.</p>
<p><strong>Leaking secure URLs.</strong> User agents should not send
- HTTPS URLs to third-party sites registered as content handlers, in
- the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+ HTTPS URLs to third-party sites registered as content handlers
+ without the user's informed consent, for the same reason that user
+ agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
sites to third-party sites.</p>
<p><strong>Leaking credentials.</strong> User agents must never send
Modified: source
===================================================================
--- source 2012-02-09 01:57:54 UTC (rev 6984)
+++ source 2012-02-09 23:13:01 UTC (rev 6985)
@@ -82401,8 +82401,9 @@
certain subdomains, content types, or schemes.</p>
<p><strong>Leaking secure URLs.</strong> User agents should not send
- HTTPS URLs to third-party sites registered as content handlers, in
- the same way that user agents do not send <code
+ HTTPS URLs to third-party sites registered as content handlers
+ without the user's informed consent, for the same reason that user
+ agents sometimes avoid sending <code
title="http-referer">Referer</code> (sic) HTTP headers from secure
sites to third-party sites.</p>
More information about the Commit-Watchers
mailing list