From dbbc9dfe2068c3683c0519f1c0870b481caf2ce2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Fri, 18 Sep 2020 21:21:47 +1000
Subject: [PATCH 01/22] Add canShare() method
---
index.html | 75 ++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 59 insertions(+), 16 deletions(-)
diff --git a/index.html b/index.html
index bfa443f..bd656f8 100644
--- a/index.html
+++ b/index.html
@@ -103,6 +103,7 @@
partial interface Navigator {
+ boolean canShare(optional ShareData data = {});
[SecureContext] Promise<undefined> share(optional ShareData data = {});
};
@@ -136,6 +137,23 @@
+
+
+ canShare() method
+
+
+ When the {{Navigator/canShare()}} method is called with argument
+ |data:ShareData|, run the following steps:
+
+
+ - Let |base| be [=this=]'s [=relevant settings object=]'s
+ [=environment settings object/API base URL=].
+
+ - Return the result of [=validate share data=] with |data| and
+ |base|.
+
+
+
share() method
@@ -161,29 +179,21 @@
If {{[[sharePromise]]}} is not `null`, return a promise
rejected with {{InvalidStateError}}.
- If none of |data|'s members {{ShareData/title}},
- {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/file}} are
- present, return a promise rejected with a {{TypeError}}.
+ , return a promise rejected with a {{TypeError}}.
- If |data|'s {{ShareData/files}} member is present:
-
- - If |data|'s {{ShareData/files}} member is empty, or if the
- implementation does not support file sharing, return a
- promise rejected with a {{TypeError}}, and abort these
- steps.
-
-
+ Let |base:URL| be the [=this=] value's relevant settings
+ object's [=environment settings object/api base URL=].
+
+ If running the steps to [=validate share data=] with |data| and
+ |base| return false, then return a promise rejected with a
+ {{TypeError}}.
If |data|'s {{ShareData/url}} member is present:
- - Let |base:URL| be the [=this=] value's relevant settings
- object's [=environment settings object/api base URL=].
-
- Let |url:URL| be the result of running the URL
parser on |data|'s {{ShareData/url}} with |base|.
- - If |url| is failure, return a promise rejected with
- {{TypeError}}.
+
- Assert: |url| is {{URL}}.
- If |url|'s [=URL/scheme=] is not "http" or "https", return
a promise rejected with {{TypeError}}.
@@ -269,6 +279,39 @@
or bypassing the UI if there is only a single share target.
+
+
+ Validate share data
+
+
+ To validate share data with |data:ShareData| and
+ |base:URL|, run the following steps:
+
+
+ - If none of |data|'s members {{ShareData/title}},
+ {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
+ present, return false.
+
+ - If |data|'s {{ShareData/files}} member is present:
+
+ - If |data|'s {{ShareData/files}} member is empty, or if the
+ implementation does not support file sharing, return false.
+
+
+
+ - If |data|'s url member is present:
+
+ - Let |url:URL| be the result of running the [=URL parser]=
+ on |data|'s url, with |base|, and no encoding override.
+
+ - If |url| is failure, return false.
+
+
+
+ - Return true.
+
+
+
From a3a43191aac350964005cf29ac9314acb448b4e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 21 Sep 2020 17:59:40 +1000
Subject: [PATCH 02/22] add SecureContext and allowed to use check
---
index.html | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/index.html b/index.html
index bd656f8..f8981da 100644
--- a/index.html
+++ b/index.html
@@ -103,7 +103,7 @@
partial interface Navigator {
- boolean canShare(optional ShareData data = {});
+ [SecureContext] boolean canShare(optional ShareData data = {});
[SecureContext] Promise<undefined> share(optional ShareData data = {});
};
@@ -146,6 +146,10 @@
|data:ShareData|, run the following steps:
+ - If the current settings object's responsible document is not
+ allowed to use the "[=web-share-feature|web-share=]"
+ permission, return false.
+
- Let |base| be [=this=]'s [=relevant settings object=]'s
[=environment settings object/API base URL=].
@@ -179,8 +183,6 @@
- If {{[[sharePromise]]}} is not `null`, return a promise
rejected with {{InvalidStateError}}.
- - , return a promise rejected with a {{TypeError}}.
-
- Let |base:URL| be the [=this=] value's relevant settings
object's [=environment settings object/api base URL=].
From 99cccb77ae17abd10d4ea4a887632f30f3056e77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 21 Sep 2020 19:34:18 +1000
Subject: [PATCH 03/22] Add http+https checks to validation
---
index.html | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/index.html b/index.html
index f8981da..68a76d3 100644
--- a/index.html
+++ b/index.html
@@ -197,9 +197,6 @@
- Assert: |url| is {{URL}}.
- - If |url|'s [=URL/scheme=] is not "http" or "https", return
- a promise rejected with {{TypeError}}.
-
- Set |data| to a copy of |data|, with its {{ShareData/url}}
member set to the result of running the URL serializer
on |url|.
@@ -308,6 +305,9 @@
- If |url| is failure, return false.
+ - If |url|'s [=URL/scheme=] is not "http" or "https", return
+ return false.
+
Return true.
@@ -553,8 +553,7 @@
when information should be confidential, so forwarding any content
presents a risk. In particular, the {{ShareData/title}} might be
used by an attacker to trick a user into misinterpreting the nature
- of the content.
-
From c60193bc082624e9dad64aef013d5a5ccee7e61b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Wed, 23 Sep 2020 16:07:59 +1000
Subject: [PATCH 04/22] Handle empty files sequence
---
index.html | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/index.html b/index.html
index 68a76d3..e46008e 100644
--- a/index.html
+++ b/index.html
@@ -47,7 +47,7 @@
};
-
+
This specification defines an API for sharing text, links and other
@@ -291,10 +291,23 @@
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
present, return false.
+ Let |titleTextOrUrl:boolean| be true if any of
+ {{ShareData/title}}, or {{ShareData/text}}, or {{ShareData/url}} is
+ present.
+
If |data|'s {{ShareData/files}} member is present:
- - If |data|'s {{ShareData/files}} member is empty, or if the
- implementation does not support file sharing, return false.
+
- If |titleTextOrUrl| is false, and if |data|'s
+ {{ShareData/files}} member is empty, or return false.
+
+ This causes a `{ files: [] }` dictionary to be treated as
+ an empty dictionary. However, passing a dictionary like
+ `{text: "text" files: []}` is fine, as `files` is just
+ ignored.
+
+
+ - If the implementation does not support file sharing, return
+ false.
@@ -504,8 +517,12 @@
native applications.
Due to the capabilities of the API surface, {{Navigator/share()}}
- is available only in secure contexts (such as `https://`
- schemes).
+ and {{Navigator/canShare()}} methods are restricted to [=secure
+ contexts=] (such as `https://` schemes).
+
+ Third-party contexts require that they be [=allowed to use=] the
+ {{Navigator/share()}} and {{Navigator/canShare()}} methods via one of
+ the mechanisms described in [[[permissions-policy]]].
Use of {{Navigator/share()}} from a private browsing mode
From a1a8a8bb2a5738753d038b8700efae5b4cabb877 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Wed, 23 Sep 2020 17:58:40 +1000
Subject: [PATCH 05/22] Update index.html
Co-authored-by: Kagami Sascha Rosylight
---
index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index e46008e..8fc3425 100644
--- a/index.html
+++ b/index.html
@@ -319,7 +319,7 @@
If |url| is failure, return false.
If |url|'s [=URL/scheme=] is not "http" or "https", return
- return false.
+ false.
From a42f0b7107fd867fbfaa401b81792a026e8aa5d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Wed, 23 Sep 2020 20:00:34 +1000
Subject: [PATCH 06/22] Add "validate share data" algorithm
---
index.html | 32 +++++---------------------------
1 file changed, 5 insertions(+), 27 deletions(-)
diff --git a/index.html b/index.html
index 50a1ce2..6af0b41 100644
--- a/index.html
+++ b/index.html
@@ -103,7 +103,6 @@
partial interface Navigator {
- [SecureContext] boolean canShare(optional ShareData data = {});
[SecureContext] Promise<undefined> share(optional ShareData data = {});
};
@@ -137,27 +136,6 @@
-
-
- canShare() method
-
-
- When the {{Navigator/canShare()}} method is called with argument
- |data:ShareData|, run the following steps:
-
-
- - If the current settings object's responsible document is not
- allowed to use the "[=web-share-feature|web-share=]"
- permission, return false.
-
- - Let |base| be [=this=]'s [=relevant settings object=]'s
- [=environment settings object/API base URL=].
-
- - Return the result of [=validate share data=] with |data| and
- |base|.
-
-
-
share() method
@@ -316,7 +294,7 @@
If |data|'s url member is present:
- - Let |url:URL| be the result of running the [=URL parser]=
+
- Let |url:URL| be the result of running the [=URL parser=]
on |data|'s url, with |base|, and no encoding override.
- If |url| is failure, return false.
@@ -520,12 +498,12 @@
native applications.
- Due to the capabilities of the API surface, {{Navigator/share()}}
- and {{Navigator/canShare()}} methods are restricted to [=secure
- contexts=] (such as `https://` schemes).
+ method is restricted to [=secure contexts=] (such as `https://`
+ schemes).
- Third-party contexts require that they be [=allowed to use=] the
- {{Navigator/share()}} and {{Navigator/canShare()}} methods via one of
- the mechanisms described in [[[permissions-policy]]].
+ {{Navigator/share()}} method is one of the mechanisms described in
+ [[[permissions-policy]]].
- Use of {{Navigator/share()}} from a private browsing mode
From 84e8c3a6af2b7b4b1fb2fec68c069d509e2c1941 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 28 Sep 2020 12:31:35 +1000
Subject: [PATCH 07/22] fixup
---
index.html | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/index.html b/index.html
index 6af0b41..909494f 100644
--- a/index.html
+++ b/index.html
@@ -147,7 +147,7 @@
- If the current settings object's responsible document is not
allowed to use the "[=web-share-feature|web-share=]"
- permission, return [=a promise rejected with=] with a
+ permission, return [=a promise rejected with=] a
{{"NotAllowedError"}} {{DOMException}}.
- If {{[[sharePromise]]}} is not `null`, return a promise
@@ -161,14 +161,14 @@
- [=Consume user activation=] of |window|.
- - If {{[[sharePromise]]}} is not `null`, return a promise
- rejected with {{InvalidStateError}}.
+
- If {{[[sharePromise]]}} is not `null`, return [=a promise
+ rejected with=] {{InvalidStateError}}.
- Let |base:URL| be the [=this=] value's relevant settings
object's [=environment settings object/api base URL=].
- If running the steps to [=validate share data=] with |data| and
- |base| return false, then return a promise rejected with a
+ |base| return false, then return [=a promise rejected with=] a
{{TypeError}}.
- If |data|'s {{ShareData/url}} member is present:
@@ -185,7 +185,7 @@
- If a file type is being blocked due to security considerations,
- return a promise rejected with with a {{"NotAllowedError"}}
+ return [=a promise rejected with=] with a {{"NotAllowedError"}}
{{DOMException}}.
- Set {{[[sharePromise]]}} to be a new promise.
From bd53f07d2cded99e77120ccf22cae6c781d43d57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 28 Sep 2020 12:33:23 +1000
Subject: [PATCH 08/22] Simplify call to validate share data
---
index.html | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/index.html b/index.html
index 909494f..1982fe8 100644
--- a/index.html
+++ b/index.html
@@ -167,9 +167,8 @@
- Let |base:URL| be the [=this=] value's relevant settings
object's [=environment settings object/api base URL=].
- - If running the steps to [=validate share data=] with |data| and
- |base| return false, then return [=a promise rejected with=] a
- {{TypeError}}.
+
- If [=validate share data=] with |data| and |base| returns
+ false, then return [=a promise rejected with=] a {{TypeError}}.
- If |data|'s {{ShareData/url}} member is present:
From e683d5605de727dd53a8c1d6b9a086f651dfec60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Wed, 14 Oct 2020 16:51:54 +1100
Subject: [PATCH 09/22] Apply suggestions from code review
Co-authored-by: Martin Thomson
---
index.html | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/index.html b/index.html
index 1982fe8..25ddfe6 100644
--- a/index.html
+++ b/index.html
@@ -277,12 +277,12 @@
- If |data|'s {{ShareData/files}} member is present:
- - If |titleTextOrUrl| is false, and if |data|'s
- {{ShareData/files}} member is empty, or return false.
+
- If |titleTextOrUrl| is false and |data|'s
+ {{ShareData/files}} member is empty, return false.
This causes a `{ files: [] }` dictionary to be treated as
an empty dictionary. However, passing a dictionary like
- `{text: "text" files: []}` is fine, as `files` is just
+ `{text: "text", files: []}` is fine, as `files` is just
ignored.
From 6c0a9f5a90a4a35375f3211c385be380c73b5a62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Wed, 28 Oct 2020 11:51:29 +1100
Subject: [PATCH 10/22] Add AU-specific type check, plus reject
---
index.html | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/index.html b/index.html
index f1d5b15..321aa35 100644
--- a/index.html
+++ b/index.html
@@ -289,6 +289,11 @@
- If the implementation does not support file sharing, return
false.
+ - If the user agent believes sharing any of the files in
+ `files` would result in a potentially hostile share, return
+ false.
+
+
- If |data|'s url member is present:
From b4949465ef773f47a4813cd89bf44c526137260c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 9 Aug 2021 09:48:37 +1000
Subject: [PATCH 11/22] Fixup internal slot
---
index.html | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/index.html b/index.html
index 209e850..2cae1a8 100644
--- a/index.html
+++ b/index.html
@@ -161,8 +161,9 @@
- [=Consume user activation=] of |window|.
- - If {{[[sharePromise]]}} is not `null`, return [=a promise
- rejected with=] {{InvalidStateError}}.
+
- If {{Navigator/[[sharePromise]]}} is not `null`, return [=a
+ promise rejected with=] {{InvalidStateError}}.
+
- If none of |data|'s members {{ShareData/title}},
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
present, return a promise rejected with a {{TypeError}}.
From 95d9909d6441f4e078acfdaa4ce71f51cba8afc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 11:41:21 +1000
Subject: [PATCH 12/22] Update index.html
Co-authored-by: Kagami Sascha Rosylight
---
index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index 2cae1a8..d0cb7e7 100644
--- a/index.html
+++ b/index.html
@@ -188,7 +188,7 @@
If a file type is being blocked due to security considerations,
- return [=a promise rejected with=] with a {{"NotAllowedError"}}
+ return [=a promise rejected with=] a {{"NotAllowedError"}}
{{DOMException}}.
Set {{Navigator/[[sharePromise]]}} to be a new promise.
From 40618ca2e2182afae0321d802c813d161bfec998 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 13:51:22 +1000
Subject: [PATCH 13/22] Remove note about allowed to use in priv sec section
---
index.html | 4 ----
1 file changed, 4 deletions(-)
diff --git a/index.html b/index.html
index d0cb7e7..c5112a1 100644
--- a/index.html
+++ b/index.html
@@ -510,10 +510,6 @@
is only [=exposed=] in [=secure contexts=] (such as `https://`
schemes).
- Third-party contexts require that they be [=allowed to use=] the
- {{Navigator/share()}} method is one of the mechanisms described in
- [[[permissions-policy]]].
-
Use of {{Navigator/share()}} from a private browsing mode
might leak private data to a third-party application that does not
From abd6bcdd2775655a19f932e3c6cde5aad9f9e21d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 14:04:23 +1000
Subject: [PATCH 14/22] Fixup + remove link to issue 127
---
index.html | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/index.html b/index.html
index 4838886..f0bfd38 100644
--- a/index.html
+++ b/index.html
@@ -167,8 +167,8 @@
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
present, return a promise rejected with a {{TypeError}}.
- Let |base:URL| be the [=this=] value's relevant settings
- object's [=environment settings object/api base URL=].
+ Let |base:URL| be [=this=]'s relevant settings object's
+ [=environment settings object/api base URL=].
If [=validate share data=] with |data| and |base| returns
false, then return [=a promise rejected with=] a {{TypeError}}.
@@ -297,7 +297,6 @@
If the user agent believes sharing any of the files in
`files` would result in a potentially hostile share, return
false.
-
From 28e5ad56774a16727fcb327046e3ddd7034d9d1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 14:14:58 +1000
Subject: [PATCH 15/22] fixup typo
---
index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index f0bfd38..c3c0e24 100644
--- a/index.html
+++ b/index.html
@@ -168,7 +168,7 @@ Let |base:URL| be [=this=]'s relevant settings object's
- [=environment settings object/api base URL=].
+ [=environment settings object/API base URL=].
If [=validate share data=] with |data| and |base| returns
false, then return [=a promise rejected with=] a {{TypeError}}.
From d86d782b1be751d9fb30f64d7c38c8009a7468a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 14:16:40 +1000
Subject: [PATCH 16/22] another typo
---
index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index c3c0e24..4289c90 100644
--- a/index.html
+++ b/index.html
@@ -161,7 +161,7 @@
[=Consume user activation=] of |window|.
If {{Navigator/[[sharePromise]]}} is not `null`, return [=a
- promise rejected with=] {{InvalidStateError}}.
+ promise rejected with=] an {{InvalidStateError}}.
If none of |data|'s members {{ShareData/title}},
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
From e72fe8894694eba7774e75f43b9775b2bea3adee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 14:30:16 +1000
Subject: [PATCH 17/22] Add missing {{DOMException}} in places
---
index.html | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/index.html b/index.html
index 4289c90..d7e9638 100644
--- a/index.html
+++ b/index.html
@@ -151,7 +151,7 @@
{{"NotAllowedError"}} {{DOMException}}.
If {{Navigator/[[sharePromise]]}} is not `null`, return a
- promise rejected with {{InvalidStateError}}.
+ promise rejected with {{"InvalidStateError"}} {{DOMException}}.
Let |window| be [=relevant global object=] of [=this=].
@@ -161,7 +161,8 @@
[=Consume user activation=] of |window|.
If {{Navigator/[[sharePromise]]}} is not `null`, return [=a
- promise rejected with=] an {{InvalidStateError}}.
+ promise rejected with=] an {{"InvalidStateError"}}
+ {{DOMException}}.
If none of |data|'s members {{ShareData/title}},
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
From 5b7071e20d3795c3a315ba2cdd1e6c929c44665c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 18:01:02 +1000
Subject: [PATCH 18/22] Remove null check, done elsewhere
---
index.html | 4 ----
1 file changed, 4 deletions(-)
diff --git a/index.html b/index.html
index d7e9638..2f504ff 100644
--- a/index.html
+++ b/index.html
@@ -160,10 +160,6 @@
[=Consume user activation=] of |window|.
- If {{Navigator/[[sharePromise]]}} is not `null`, return [=a
- promise rejected with=] an {{"InvalidStateError"}}
- {{DOMException}}.
-
If none of |data|'s members {{ShareData/title}},
{{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
present, return a promise rejected with a {{TypeError}}.
From c8c25254cb8a30759272cd6c67f83ca588ffafc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 18:04:20 +1000
Subject: [PATCH 19/22] Remove ref to secure-context
---
index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.html b/index.html
index 515a8eb..0399e5d 100644
--- a/index.html
+++ b/index.html
@@ -47,7 +47,7 @@
};
-
+
This specification defines an API for sharing text, links and other
From b5635200cbe08e8989c910f4b2e5928f31364c80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Mon, 16 Aug 2021 18:40:41 +1000
Subject: [PATCH 20/22] Further fixup
---
index.html | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/index.html b/index.html
index 0399e5d..f030647 100644
--- a/index.html
+++ b/index.html
@@ -161,10 +161,6 @@
[=Consume user activation=] of |window|.
- If none of |data|'s members {{ShareData/title}},
- {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
- present, return a promise rejected with a {{TypeError}}.
-
Let |base:URL| be [=this=]'s relevant settings object's
[=environment settings object/API base URL=].
@@ -298,15 +294,16 @@
- If |data|'s url member is present:
+ If |data|'s {{ShareData/url}} member is present:
- Let |url:URL| be the result of running the [=URL parser=]
- on |data|'s url, with |base|, and no encoding override.
+ on |data|'s {{ShareData/url}} member, with |base|, and no
+ encoding override.
- If |url| is failure, return false.
- - If |url|'s [=URL/scheme=] is not "http" or "https", return
- false.
+
- If |url|'s [=URL/scheme=] is not "http" or "https", or is a
+ URL the user agent deems potentially hostile, return false.
From 9d2f37b36b8b0ae7d63cf36c56ca566c40d5eac8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Tue, 17 Aug 2021 12:03:42 +1000
Subject: [PATCH 21/22] Let UA decide what's a hostile URL
---
index.html | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/index.html b/index.html
index 334013a..6362001 100644
--- a/index.html
+++ b/index.html
@@ -302,8 +302,9 @@
If |url| is failure, return false.
- If |url|'s [=URL/scheme=] is not "http" or "https", or is a
- URL the user agent deems potentially hostile, return false.
+ If |url| is a URL the user agent deems potentially hostile
+ (e.g., "file://" or other schemes that are not "http" or
+ "https"), return false.
From 892497fea81f5415373350ba380f81d680c40033 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20C=C3=A1ceres?=
Date: Tue, 17 Aug 2021 15:51:12 +1000
Subject: [PATCH 22/22] Include issue 178
---
index.html | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/index.html b/index.html
index e9c78e0..822ded0 100644
--- a/index.html
+++ b/index.html
@@ -302,9 +302,13 @@
If |url| is failure, return false.
- If |url| is a URL the user agent deems potentially hostile
- (e.g., "file://" or other schemes that are not "http" or
- "https"), return false.
+
+
+ If |url| is a URL the user agent deems potentially hostile
+ (e.g., "file:") or wouldn't make sense to outside the scope
+ of the document (e.g., "blob:"), return false.
+
+