Permalink
Browse files

[gwr] (2) there's a security risk if we allow pages in one domain to …

…fallback to pages in another domain.

git-svn-id: http://svn.whatwg.org/webapps@2342 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
1 parent 4f97e9e commit c17e465f8feae8c724b4a29237dce100050702da @Hixie Hixie committed Oct 16, 2008
Showing with 9 additions and 19 deletions.
  1. +4 −8 index
  2. +5 −11 source
View
12 index
@@ -34244,14 +34244,10 @@ style/default.css</pre>
<p>If either fails, then jump back to the step labeled "start of
line".</p>
- <p>If the <a href=#absolute-url>absolute URL</a> corresponding to <var title="">part one</var> does not have the <a href=#same-origin>same
- origin</a> as the manifest's URL, then jump back to the step
- labeled "start of line".</p> <!-- SECURITY -->
-
- <p>If the resulting <a href=#absolute-url>absolute URL</a> for <var title="">part two</var> has a different <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> component than the
- manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
- case-insensitive</a> manner), then jump back to the step
- labeled "start of line".</p>
+ <p>If the <a href=#absolute-url>absolute URL</a> corresponding to either <var title="">part one</var> or <var title="">part two</var> does not
+ have the <a href=#same-origin>same origin</a> as the manifest's URL, then
+ jump back to the step labeled "start of line".</p> <!-- SECURITY
+ -->
<p>Drop any the <a href=#url-fragment title=url-fragment>&lt;fragment&gt;</a> components of the
resulting <a href=#absolute-url title="absolute URL">absolute URLs</a>.</p>
View
16 source
@@ -38867,17 +38867,11 @@ style/default.css</pre>
<p>If either fails, then jump back to the step labeled "start of
line".</p>
- <p>If the <span>absolute URL</span> corresponding to <var
- title="">part one</var> does not have the <span>same
- origin</span> as the manifest's URL, then jump back to the step
- labeled "start of line".</p> <!-- SECURITY -->
-
- <p>If the resulting <span>absolute URL</span> for <var
- title="">part two</var> has a different <span
- title="url-scheme">&lt;scheme&gt;</span> component than the
- manifest's URL (compared in an <span>ASCII
- case-insensitive</span> manner), then jump back to the step
- labeled "start of line".</p>
+ <p>If the <span>absolute URL</span> corresponding to either <var
+ title="">part one</var> or <var title="">part two</var> does not
+ have the <span>same origin</span> as the manifest's URL, then
+ jump back to the step labeled "start of line".</p> <!-- SECURITY
+ -->
<p>Drop any the <span
title="url-fragment">&lt;fragment&gt;</span> components of the

0 comments on commit c17e465

Please sign in to comment.