[e] (0) Loosen this requirement a bit to be more realistic.

Affected topics: DOM APIs, Security git-svn-id: http://svn.whatwg.org/webapps@6985 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Feb 9, 2012 · 253c887 · 253c887
1 parent 8b878f5
commit 253c887
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/complete.html b/complete.html
@@ -70509,8 +70509,9 @@ <h5 id=security-and-privacy><span class=secno>7.5.1.3 </span>Security and privac
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 
   <p><strong>Leaking credentials.</strong> User agents must never send

diff --git a/index b/index
@@ -70509,8 +70509,9 @@ interface <dfn id=navigatorcontentutils>NavigatorContentUtils</dfn> {
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code title=http-referer>Referer</code> (sic) HTTP headers from secure
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code title=http-referer>Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>
 
   <p><strong>Leaking credentials.</strong> User agents must never send

diff --git a/source b/source
@@ -82401,8 +82401,9 @@ interface <dfn>NavigatorContentUtils</dfn> {
   certain subdomains, content types, or schemes.</p>
 
   <p><strong>Leaking secure URLs.</strong> User agents should not send
-  HTTPS URLs to third-party sites registered as content handlers, in
-  the same way that user agents do not send <code
+  HTTPS URLs to third-party sites registered as content handlers
+  without the user's informed consent, for the same reason that user
+  agents sometimes avoid sending <code
   title="http-referer">Referer</code> (sic) HTTP headers from secure
   sites to third-party sites.</p>