Short URL: http://html5.org/r/7152
| SVN | Bug | Comment | Time (UTC) |
|---|---|---|---|
| 7152 | 2012-06-28 21:21 |
Index: source
===================================================================
--- source (revision 7151)
+++ source (revision 7152)
@@ -92553,12 +92553,13 @@
<p>User agents should filter potentially active (scripted) content
(e.g. HTML) when it is dragged and when it is dropped, using a
- whitelist of known-safe features. This specification does not
- specify how this is performed.</p>
+ whitelist of known-safe features. Similarly, relative URLs should be
+ turned into absolute URLs to avoid references changing in unexpected
+ ways. This specification does not specify how this is performed.</p>
<div class="example">
- <p>Consider a hostile page providing some content and gettuing the
+ <p>Consider a hostile page providing some content and getting the
user to select and drag and drop (or indeed, copy and paste) that
content to a victim page's <code
title="attr-contenteditable">contenteditable</code> region. If the