From 5e4ef7a41c44a7229db10d33659a980f04494f00 Mon Sep 17 00:00:00 2001
From: Mike West <mkwst@google.com>
Date: Fri, 2 Dec 2016 15:00:36 +0100
Subject: [PATCH] Pass a base URL to the URL parser for violation reporting.

Closes w3c/webappsec#521.
---
 index.html     | 9 +++++----
 index.src.html | 6 ++++--
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/index.html b/index.html
index 00a63f0f0a..5fa75dfe12 100644
--- a/index.html
+++ b/index.html
@@ -1453,7 +1453,7 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
    <h1>Content Security Policy Level 3</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2016-11-30">30 November 2016</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2016-12-02">2 December 2016</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -2887,7 +2887,7 @@ <h3 class="heading settled algorithm" data-algorithm="Report a violation" data-l
           <p>If <var>violation</var>’s <a data-link-type="dfn" href="#violation-policy" id="ref-for-violation-policy-8">policy</a>’s <a data-link-type="dfn" href="#policy-directive-set" id="ref-for-policy-directive-set-8">directive set</a> contains a <a data-link-type="dfn" href="#directives" id="ref-for-directives-13">directive</a> named
   "<a data-link-type="dfn" href="#report-to" id="ref-for-report-to-1"><code>report-to</code></a>", skip the remaining substeps.</p>
          <li data-md="">
-          <p>Let <var>endpoint</var> be the result of executing the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-parser">URL parser</a> on <var>directive</var>’s <a data-link-type="dfn" href="#directive-value" id="ref-for-directive-value-7">value</a>.</p>
+          <p>Let <var>endpoint</var> be the result of executing the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-parser">URL parser</a> with <var>directive</var>’s <a data-link-type="dfn" href="#directive-value" id="ref-for-directive-value-7">value</a> as the input, and <var>violation</var>’s <a data-link-type="dfn" href="#violation-url" id="ref-for-violation-url-3">url</a> as the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-base-url">base URL</a>.</p>
          <li data-md="">
           <p>If <var>endpoint</var> is not a valid URL, skip the remaining substeps.</p>
          <li data-md="">
@@ -2900,7 +2900,7 @@ <h3 class="heading settled algorithm" data-algorithm="Report a violation" data-l
            <dt data-md="">
             <p><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url">url</a></p>
            <dd data-md="">
-            <p><var>violation</var>’s <a data-link-type="dfn" href="#violation-url" id="ref-for-violation-url-3">url</a></p>
+            <p><var>violation</var>’s <a data-link-type="dfn" href="#violation-url" id="ref-for-violation-url-4">url</a></p>
            <dt data-md="">
             <p><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-origin">origin</a></p>
            <dd data-md="">
@@ -5558,6 +5558,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
     <a data-link-type="biblio">[WHATWG-URL]</a> defines the following terms:
     <ul>
      <li><a href="https://url.spec.whatwg.org/#url">URL</a>
+     <li><a href="https://url.spec.whatwg.org/#concept-base-url">base url</a>
      <li><a href="https://url.spec.whatwg.org/#default-port">default port</a>
      <li><a href="https://url.spec.whatwg.org/#dom-url-host">host</a>
      <li><a href="https://url.spec.whatwg.org/#concept-ipv6">ipv6 address</a>
@@ -6532,7 +6533,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-violation-url-1">5.2. 
     Obtain the deprecated serialization of violation </a>
     <li><a href="#ref-for-violation-url-2">5.3. 
-    Report a violation </a> <a href="#ref-for-violation-url-3">(2)</a>
+    Report a violation </a> <a href="#ref-for-violation-url-3">(2)</a> <a href="#ref-for-violation-url-4">(3)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="violation-status">
diff --git a/index.src.html b/index.src.html
index de825b4125..135434011d 100644
--- a/index.src.html
+++ b/index.src.html
@@ -41,6 +41,7 @@ <h1>Content Security Policy Level 3</h1>
   type: dfn
     text: default port
     text: percent decode
+    text: base url
   type:interface;
     text:URL
 spec:cssom
@@ -1522,8 +1523,9 @@ <h3 id="report-violation" algorithm>
               <a for="policy">directive set</a> contains a <a>directive</a> named
               "<a>`report-to`</a>", skip the remaining substeps.
 
-          2.  Let |endpoint| be the result of executing the <a>URL parser</a> on
-              |directive|'s <a for="directive">value</a>.
+          2.  Let |endpoint| be the result of executing the <a>URL parser</a> with |directive|'s
+              <a for="directive">value</a> as the input, and |violation|'s
+              <a for="violation">url</a> as the <a>base URL</a>.
 
           3.  If |endpoint| is not a valid URL, skip the remaining substeps.