Merge branch 'main' into patch-2

files/en-us/glossary/base64/index.md

@@ -6,21 +6,22 @@ page-type: glossary-definition
 
 {{GlossarySidebar}}
 
-**Base64** is a group of similar [binary-to-text encoding](https://en.wikipedia.org/wiki/Binary-to-text_encoding) schemes that represent binary data in an {{glossary("ASCII")}} string format by translating it into a radix-64 representation. The term _Base64_ originates from a specific [MIME content transfer encoding](https://en.wikipedia.org/wiki/MIME#Content-Transfer-Encoding).
+**Base64** is a group of similar [binary-to-text encoding](https://en.wikipedia.org/wiki/Binary-to-text_encoding) schemes that represent binary data in an {{glossary("ASCII")}} string format by transforming it into a radix-64 representation. The term _Base64_ originates from a specific [MIME content transfer encoding](https://en.wikipedia.org/wiki/MIME#Content-Transfer-Encoding).
 
-When the term "Base64" is used on its own to refer to a specific algorithm, it typically refers to the version of Base64 outlined in [RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648), section 4, which uses the following alphabet to represent the radix-64 digits, alongside `=` as a padding character:
+When the term "Base64" is used on its own to refer to a specific {{glossary("algorithm")}}, it typically refers to the version of Base64 outlined in [RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648), section 4, which uses the following alphabet to represent the radix-64 digits, alongside `=` as a padding character:
 
 ```plain
 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
 ```
 
-A common variant is "Base64 URL safe", which omits the padding and replaces `+/` with `-_` to avoid characters that might cause problems in URL path segments or query parameters.
+A common variant is "Base64 URL safe", which omits the padding and replaces `+/` with `-_` to avoid characters that might cause problems in
+{{glossary("URL")}} path segments or query parameters.
 
 Base64 encoding schemes are commonly used to encode binary data for storage or transfer over media that can only deal with ASCII text (or some superset of ASCII that still falls short of accepting arbitrary binary data). This ensures that the data remains intact without modification during transport. Common applications of Base64 include:
 
 - Email via [MIME](https://en.wikipedia.org/wiki/MIME)
 - Storing complex data in [XML](/en-US/docs/Web/XML)
-- Encoding binary data so it can be included in a [`data:` URL](/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs)
+- Encoding binary data so that it can be included in a [`data:` URL](/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs)
 
 ## Encoded size increase
 
@@ -35,13 +36,13 @@ Browsers natively provide two JavaScript functions for decoding and encoding Bas
 - [`btoa`](/en-US/docs/Web/API/btoa): creates a Base64-encoded ASCII string from a string of binary data ("btoa" should be read as "binary to ASCII").
 - [`atob`](/en-US/docs/Web/API/atob): decodes a Base64-encoded string ("atob" should be read as "ASCII to binary").
 
-> **Note:** Base64 is a binary encoding rather than a text encoding, but `btoa` and `atob` were added to the web platform before it supported binary data types. As a result, the two functions use strings to represent binary data, with the code point of each character representing the value of each byte. This has led to a common misconception that `btoa` can be used to encode arbitrary text data — for example, creating a Base64 `data:` URL of a text or HTML document.
+> **Note:** Base64 is a binary encoding rather than a text encoding, but `btoa` and `atob` were added to the web platform before it supported binary data types. As a result, the two functions use strings to represent binary data, with the {{glossary("code point")}} of each character representing the value of each byte. This has led to a common misconception that `btoa` can be used to encode arbitrary text data — for example, creating a Base64 `data:` URL of a text or HTML document.
 >
 > However, the byte-to-code-point correspondence only reliably holds true for code points up to `0x7f`. Furthermore, code points over `0xff` will cause `btoa` to throw an error due to exceeding the maximum value for 1 byte. The next section details how to work around this limitation when encoding arbitrary Unicode text.
 
 ## The "Unicode Problem"
 
-Since `btoa` interprets the code points of its input string as byte values, calling `btoa` on a string will cause a "Character Out Of Range" exception if a character's code point exceeds `0xff`. For use cases where you need to encode arbitrary Unicode text, it is necessary to first convert the string to its constituent bytes in UTF-8, and then encode the bytes.
+Since `btoa` interprets the code points of its input string as byte values, calling `btoa` on a string will cause a "Character Out Of Range" exception if a character's code point exceeds `0xff`. For use cases where you need to encode arbitrary Unicode text, it is necessary to first convert the string to its constituent bytes in {{glossary("UTF-8")}}, and then encode the bytes.
 
 The simplest solution is to use `TextEncoder` and `TextDecoder` to convert between UTF-8 and single-byte representations of the string:
 
@@ -89,3 +90,12 @@ async function dataUrlToBytes(dataUrl) {
 await bytesToBase64DataUrl(new Uint8Array([0, 1, 2])); // "data:application/octet-stream;base64,AAEC"
 await dataUrlToBytes("data:application/octet-stream;base64,AAEC"); // Uint8Array [0, 1, 2]
 ```
+
+## See Also
+
+- JavaScript APIs:
+  - [btoa() global function](/en-US/docs/Web/API/btoa)
+  - [atob() global function](/en-US/docs/Web/API/atob)
+- [Data URLs](/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs)
+- [Base64](https://en.wikipedia.org/wiki/Base64) on Wikipedia
+- Base64 Algorithm described in [RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648)

files/en-us/glossary/camel_case/index.md

@@ -18,6 +18,6 @@ Camel case is the most popular convention in JavaScript, Java, and various other
 
 ## See also
 
-- [Snake case](/en-US/docs/Glossary/Snake_case)
-- [Kebab case](/en-US/docs/Glossary/Kebab_case)
+- {{Glossary("Snake_case", "Snake Case")}}
+- {{Glossary("Kebab_case", "Kebab Case")}}
 - [typescript-eslint rule: `naming-convention`](https://typescript-eslint.io/rules/naming-convention/)

files/en-us/learn/server-side/first_steps/website_security/index.md

@@ -49,7 +49,7 @@ XSS is a term used to describe a class of attacks that allow an attacker to inje
 The XSS vulnerabilities are divided into _reflected_ and _persistent_, based on how the site returns the injected scripts to a browser.
 
 - A _reflected_ XSS vulnerability occurs when user content that is passed to the server is returned _immediately_ and _unmodified_ for display in the browser. Any scripts in the original user content will be run when the new page is loaded.
-  For example, consider a site search function where the search terms are encoded as URL parameters, and these terms are displayed along with the results. An attacker can construct a search link that contains a malicious script as a parameter (e.g., `http://developer.mozilla.org?q=beer<script%20src="http://example.com/tricky.js"></script>`) and email it to another user. If the target user clicks this "interesting link", the script will be executed when the search results are displayed. As discussed earlier, this gives the attacker all the information they need to enter the site as the target user, potentially making purchases as the user or sharing their contact information.
+  For example, consider a site search function where the search terms are encoded as URL parameters, and these terms are displayed along with the results. An attacker can construct a search link that contains a malicious script as a parameter (e.g., `https://developer.mozilla.org?q=beer<script%20src="http://example.com/tricky.js"></script>`) and email it to another user. If the target user clicks this "interesting link", the script will be executed when the search results are displayed. As discussed earlier, this gives the attacker all the information they need to enter the site as the target user, potentially making purchases as the user or sharing their contact information.
 - A _persistent_ XSS vulnerability occurs when the malicious script is _stored_ on the website and then later redisplayed unmodified for other users to execute unwittingly.
   For example, a discussion board that accepts comments that contain unmodified HTML could store a malicious script from an attacker. When the comments are displayed, the script is executed and can send to the attacker the information required to access the user's account. This sort of attack is extremely popular and powerful, because the attacker might not even have any direct engagement with the victims.
 

files/en-us/mdn/community/issues/index.md

@@ -82,7 +82,7 @@ Ensure sections follow the order defined in the CSS property template
 
 ### Description
 
-The CSS property page template is defined [here](https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines/Page_structures/Page_types/CSS_property_page_template).
+The CSS property page template is defined [here](/en-US/docs/MDN/Writing_guidelines/Page_structures/Page_types/CSS_property_page_template).
 The task list in this issue will be used to compare the documented CSS properties with the template and track changes to the property pages for compliance.
 
 ### List of pages checked

files/en-us/mozilla/firefox/releases/2/updating_extensions/index.md

@@ -38,6 +38,6 @@ Be sure to test your extension carefully on Firefox 2 before you release it to t
 
 ## Step 4: Release
 
-Update your extension's entry on [http://addons.mozilla.org](https://addons.mozilla.org). This will ensure that users can find it.
+Update your extension's entry on [https://addons.mozilla.org](https://addons.mozilla.org). This will ensure that users can find it.
 
 In addition, if your extension provides an [`updateURL`](/en-US/Install_Manifests#updateurl) in the install manifest, be sure to update the update manifest so that the new version of your extension can be found automatically by Firefox. By doing this, the first time the user runs your extension after upgrading to Firefox 2, Firefox can offer to automatically install it for them.

files/en-us/mozilla/firefox/releases/3.5/updating_extensions/index.md

@@ -122,7 +122,7 @@ Firefox 3.5 closes a security hole that made it possible to use remote chrome. T
 
 Previously, it was possible to get a load context from a request by querying various docShell APIs. In particular, it was a common practice to use `notificationCallbacks.getInterface(nsIDOMWindow)` to get the window object associated with the load. While the older approach may work in some circumstances, it is not recommended to use it anymore ([details](https://bugzil.la/457153#c16)).
 
-This correct and reliable way to do this is to use an `nsILoadContext` (see the [interface definition](http://mxr.mozilla.org/mozilla-central/source/docshell/base/nsILoadContext.idl) on mxr).
+This correct and reliable way to do this is to use an `nsILoadContext` (see the [interface definition](https://mxr.mozilla.org/mozilla-central/source/docshell/base/nsILoadContext.idl) on mxr).
 
 From JavaScript, you do it like this:
 

files/en-us/web/api/document_object_model/examples/index.md

@@ -52,14 +52,16 @@ The following example shows the use of the `height` and `width` properties along
   <body onload="init();">
     <p>
       Image 1: no height, width, or style
-      <img id="image1" src="http://www.mozilla.org/images/mozilla-banner.gif" />
+      <img
+        id="image1"
+        src="https://www.mozilla.org/images/mozilla-banner.gif" />
     </p>
 
     <p>
       Image 2: height="50", width="500", but no style
       <img
         id="image2"
-        src="http://www.mozilla.org/images/mozilla-banner.gif"
+        src="https://www.mozilla.org/images/mozilla-banner.gif"
         height="50"
         width="500" />
     </p>
@@ -68,7 +70,7 @@ The following example shows the use of the `height` and `width` properties along
       Image 3: no height, width, but style="height: 50px; width: 500px;"
       <img
         id="image3"
-        src="http://www.mozilla.org/images/mozilla-banner.gif"
+        src="https://www.mozilla.org/images/mozilla-banner.gif"
         style="height: 50px; width: 500px;" />
     </p>
 

files/en-us/web/api/element/innerhtml/index.md

@@ -52,7 +52,7 @@ This lets you look at the HTML markup of the element's content nodes.
 
 Setting the value of `innerHTML` lets you easily replace the existing contents of an element with new content.
 
-> **Note:** This is a [security risk](#security_considerations) if the string to be inserted might contain potentially malicious content.
+> **Warning:** This is a [security risk](#security_considerations) if the string to be inserted might contain potentially malicious content.
 > When inserting user-supplied data you should always consider using a sanitizer library, in order to sanitize the content before it is inserted.
 
 For example, you can erase the entire contents of a document by clearing the contents of the document's {{domxref("Document.body", "body")}} attribute:

files/en-us/web/api/file_api/using_files_from_web_applications/index.md

@@ -436,7 +436,7 @@ function FileUpload(img, file) {
   );
   xhr.open(
     "POST",
-    "http://demos.hacks.mozilla.org/paul/demos/resources/webservices/devnull.php",
+    "https://demos.hacks.mozilla.org/paul/demos/resources/webservices/devnull.php",
   );
   xhr.overrideMimeType("text/plain; charset=x-user-defined-binary");
   reader.onload = (evt) => {