Update CSP links

source

@@ -3506,15 +3506,14 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
     <p>The following terms are defined in <cite>Content Security Policy</cite>: <ref spec="CSP"></p>
 
     <ul class="brief">
-     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#security-policy">Content Security Policy</dfn></li>
-     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#directives">Content Security Policy directive</dfn></li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#policy-syntax">Content Security Policy syntax</dfn></li>
-     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#enforce">enforce the policy</dfn></li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#directive-frame-ancestors"><code data-x="">frame-ancestors</code> directive</dfn></li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#parse-the-policy">parse the policy</dfn> algorithm</li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#directive-reflected-xss"><code data-x="">reflected-xss</code> directive</dfn></li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#directive-report-uri"><code data-x="">report-uri</code> directive</dfn></li>
-     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec/specs/content-security-policy/#directive-sandbox"><code data-x="">sandbox</code> directive</dfn></li>
+     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#policy">Content Security Policy</dfn></li>
+     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#directives">Content Security Policy directive</dfn></li>
+     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#grammardef-serialized-policy">Content Security Policy syntax</dfn></li>
+     <li><dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#enforced">enforce the policy</dfn></li>
+     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#frame-ancestors"><code data-x="">frame-ancestors</code> directive</dfn></li>
+     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#parse-serialized-policy">parse a serialized Content Security Policy</dfn> algorithm</li>
+     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#report-uri"><code data-x="">report-uri</code> directive</dfn></li>
+     <li>The <dfn data-noexport="" data-x-href="https://w3c.github.io/webappsec-csp/#sandbox"><code data-x="">sandbox</code> directive</dfn></li>
     </ul>
 
    </dd>
@@ -12903,11 +12902,10 @@ people expect to have work and what is necessary.
      attribute, or if that attribute's value is the empty string, then abort these steps.</p></li>
 
      <li><p>Let <var>policy</var> be the result of executing Content Security Policy's <span>parse
-     the policy</span> algorithm on the <code>meta</code> element's
+     a serialized Content Security Policy</span> algorithm on the <code>meta</code> element's
      <code data-x="attr-meta-content">content</code> attribute's value.</p></li>
 
      <li><p>Remove all occurrences of the <code
-     data-x="reflected-xss directive">reflected-xss</code>, <code
      data-x="report-uri directive">report-uri</code>, <code
      data-x="frame-ancestors directive">frame-ancestors</code>, and <code
      data-x="sandbox directive">sandbox</code> <span data-x="Content Security Policy
@@ -117376,7 +117374,7 @@ INSERT INTERFACES HERE
    <dd>(Non-normative) <cite><a href="http://www.iana.org/assignments/charset-reg/CP50220">CP50220</a></cite>, Y. Naruse. IANA.</dd> <!-- really should be "NARUSE, Y." or some such, but there's a western bias to these references for consistency. sorry. -->
 
    <dt id="refsCSP">[CSP]</dt>
-   <dd><cite><a href="https://w3c.github.io/webappsec/specs/content-security-policy/">Content Security Policy</a></cite>, M. West, A. Barth, D. Veditz. W3C.</dd>
+   <dd><cite><a href="https://w3c.github.io/webappsec-csp/">Content Security Policy</a></cite>, M. West, D. Veditz. W3C.</dd>
 
    <dt id="refsCSS">[CSS]</dt>
    <dd><cite><a href="https://drafts.csswg.org/css2/">Cascading Style Sheets Level 2 Revision 2</a></cite>, B. Bos, T. &Ccedil;elik, I. Hickson, H. Lie. W3C.</dd>