Adjust web+ security considerations to account for FTP removal #6373

Merged
merged 1 commit into from
Feb 10, 2021
12 changes: 4 additions & 8 deletions source
Expand Up @@ -2495,7 +2495,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
<li><dfn><code>about:blank</code></dfn></li>
<li>An <dfn data-x-href="https://fetch.spec.whatwg.org/#http-scheme">HTTP(S) scheme</dfn></li>
<li>A <dfn data-x-href="https://fetch.spec.whatwg.org/#local-scheme">local scheme</dfn></li>
<li>A <dfn data-x-href="https://fetch.spec.whatwg.org/#network-scheme">network scheme</dfn></li>
<li>A <dfn data-x-href="https://fetch.spec.whatwg.org/#fetch-scheme">fetch scheme</dfn></li>
<li><dfn data-x-href="https://fetch.spec.whatwg.org/#http-cors-protocol">CORS protocol</dfn></li>
<li><dfn data-x="default-user-agent-value" data-x-href="https://fetch.spec.whatwg.org/#default-user-agent-value">default `<code>User-Agent</code>` value</dfn></li>
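Review bot: Dropping the "network scheme" entry from this list of Fetch terms (the hunk header goes from 7 lines to 6, and the next hunk stops using the term) is only safe if no other `<span>network scheme</span>` reference is left in the file. Only one use is converted in this change, so please confirm that a search of source finds no remaining references, since any that remain would no longer resolve to a definition.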
Expand Down Expand Up @@ -9252,7 +9251,7 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
context</span> is null.</li>

<li>A <code>Document</code> whose <span data-x="concept-document-url">URL</span>'s <span
data-x="concept-url-scheme">scheme</span> is not a <span>network scheme</span>.</li>
data-x="concept-url-scheme">scheme</span> is not an <span>HTTP(S) scheme</span>.</li>

</ul>

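Review bot: In the last list item the condition changes from "not a network scheme" to "not an HTTP(S) scheme", which is more than a rename if Fetch's network scheme covered ftp in addition to the HTTP(S) schemes: a Document with an ftp: URL did not match this item before and does now. That is consistent with the FTP removal named in the title, but the commit message should state that the outcome for ftp: documents changes here so the history does not read as a purely editorial edit.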
Expand Down Expand Up @@ -117970,16 +117969,13 @@ interface <dfn>MimeType</dfn> {
<dd>Scheme-specific.</dd>
<dt>Interoperability considerations:</dt>
<dd>The scheme is expected to be used in the context of web applications.</dd>
<!--ADD-TOPIC:Security-->
<dt>Security considerations:</dt>
<dd>
Any web page is able to register a handler for all "<code data-x="">web+</code>" schemes. As
such, these schemes must not be used for features intended to be core platform features (e.g.
network transfer protocols like HTTP or FTP). Similarly, such schemes must not store
confidential information in their URLs, such as usernames, passwords, personal information, or
confidential project names.
such, these schemes must not be used for features intended to be core platform features (e.g.,
HTTP). Similarly, such schemes must not store confidential information in their URLs, such as
usernames, passwords, personal information, or confidential project names.
</dd>
<!--REMOVE-TOPIC:Security-->
<dt>Contact:</dt>
<dd>Ian Hickson &lt;[email protected]></dd>
<dt>Change controller:</dt>
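Review bot: The line counts for this hunk (16 to 13) only add up if the `<!--ADD-TOPIC:Security-->` and `<!--REMOVE-TOPIC:Security-->` markers around the security considerations are dropped together with the reworded paragraph, and that removal is unrelated to FTP and not mentioned in the title. Please either note it in the commit message or split it out, so anything that consumes those topic markers can be checked separately. As a smaller style point, "(e.g., HTTP)" now gives a single example after the FTP mention is dropped, which is fine, but check that "e.g.," with the comma matches the punctuation used elsewhere in the file.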