[gwr] (2) there's a security risk if we allow pages in one domain to …

…fallback to pages in another domain. git-svn-id: http://svn.whatwg.org/webapps@2342 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Oct 16, 2008 · c17e465 · c17e465
1 parent 4f97e9e
commit c17e465
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 19 deletions.
diff --git a/index b/index
@@ -34244,14 +34244,10 @@ style/default.css</pre>
       <p>If either fails, then jump back to the step labeled "start of
       line".</p>
 
-      <p>If the <a href=#absolute-url>absolute URL</a> corresponding to <var title="">part one</var> does not have the <a href=#same-origin>same
-      origin</a> as the manifest's URL, then jump back to the step
-      labeled "start of line".</p> <!-- SECURITY -->
-
-      <p>If the resulting <a href=#absolute-url>absolute URL</a> for <var title="">part two</var> has a different <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> component than the
-      manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
-      case-insensitive</a> manner), then jump back to the step
-      labeled "start of line".</p>
+      <p>If the <a href=#absolute-url>absolute URL</a> corresponding to either <var title="">part one</var> or <var title="">part two</var> does not
+      have the <a href=#same-origin>same origin</a> as the manifest's URL, then
+      jump back to the step labeled "start of line".</p> <!-- SECURITY
+      -->
 
       <p>Drop any the <a href=#url-fragment title=url-fragment>&lt;fragment&gt;</a> components of the
       resulting <a href=#absolute-url title="absolute URL">absolute URLs</a>.</p>

diff --git a/source b/source
@@ -38867,17 +38867,11 @@ style/default.css</pre>
       <p>If either fails, then jump back to the step labeled "start of
       line".</p>
 
-      <p>If the <span>absolute URL</span> corresponding to <var
-      title="">part one</var> does not have the <span>same
-      origin</span> as the manifest's URL, then jump back to the step
-      labeled "start of line".</p> <!-- SECURITY -->
-
-      <p>If the resulting <span>absolute URL</span> for <var
-      title="">part two</var> has a different <span
-      title="url-scheme">&lt;scheme&gt;</span> component than the
-      manifest's URL (compared in an <span>ASCII
-      case-insensitive</span> manner), then jump back to the step
-      labeled "start of line".</p>
+      <p>If the <span>absolute URL</span> corresponding to either <var
+      title="">part one</var> or <var title="">part two</var> does not
+      have the <span>same origin</span> as the manifest's URL, then
+      jump back to the step labeled "start of line".</p> <!-- SECURITY
+      -->
 
       <p>Drop any the <span
       title="url-fragment">&lt;fragment&gt;</span> components of the