[e] (0) Fix some typos or copypasta.

Affected topics: HTML, Security git-svn-id: http://svn.whatwg.org/webapps@6877 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Dec 16, 2011 · 9548db3 · 9548db3
1 parent 7d1712e
commit 9548db3
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/complete.html b/complete.html
@@ -2235,15 +2235,17 @@ <h4 id=writing-secure-applications-with-html><span class=secno>1.10.1 </span>Wri
      <li>When allowing URLs to be provided (e.g. for links), the
      scheme of each URL also needs to be explicitly whitelisted, as
      there are many schemes that can be abused. The most prominent
-     example is "<code agents="" but="" can="" have="" historically="" implement="" implemented="" indeed="" others="" title="javascript:</code>" user=""> <!-- IE had vbscript:, Netscape had livescript:,
+     example is "<code title=javascript-protocol>javascript:</code>", but user agents
+     can implement (and indeed, have historically implemented)
+     others.</li> <!-- IE had vbscript:, Netscape had livescript:,
      etc. -->
 
      <li>Allowing a <code><a href=#the-base-element>base</a></code> element to be inserted means any
      <code><a href=#the-script-element>script</a></code> elements in the page with relative links can
      be hijacked, and similarly that any form submissions can get
      redirected to a hostile site.</li>
 
-    </code></ul></dd>
+    </ul></dd>
 
 
    <dt>Cross-site request forgery (CSRF)</dt>

diff --git a/index b/index
@@ -2235,15 +2235,17 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
      <li>When allowing URLs to be provided (e.g. for links), the
      scheme of each URL also needs to be explicitly whitelisted, as
      there are many schemes that can be abused. The most prominent
-     example is "<code agents="" but="" can="" have="" historically="" implement="" implemented="" indeed="" others="" title="javascript:</code>" user=""> <!-- IE had vbscript:, Netscape had livescript:,
+     example is "<code title=javascript-protocol>javascript:</code>", but user agents
+     can implement (and indeed, have historically implemented)
+     others.</li> <!-- IE had vbscript:, Netscape had livescript:,
      etc. -->
 
      <li>Allowing a <code><a href=#the-base-element>base</a></code> element to be inserted means any
      <code><a href=#the-script-element>script</a></code> elements in the page with relative links can
      be hijacked, and similarly that any form submissions can get
      redirected to a hostile site.</li>
 
-    </code></ul></dd>
+    </ul></dd>
 
 
    <dt>Cross-site request forgery (CSRF)</dt>

diff --git a/source b/source
@@ -1064,8 +1064,9 @@ a.setAttribute('href', 'http://example.com/'); // change the content attribute d
      <li>When allowing URLs to be provided (e.g. for links), the
      scheme of each URL also needs to be explicitly whitelisted, as
      there are many schemes that can be abused. The most prominent
-     example is "<code title="javascript:</code>", but user agents can
-     implement (and indeed, have historically implemented)
+     example is "<code
+     title="javascript-protocol">javascript:</code>", but user agents
+     can implement (and indeed, have historically implemented)
      others.</li> <!-- IE had vbscript:, Netscape had livescript:,
      etc. -->