Skip to content

Commit ac1d176

Browse files
marcoscaceresmarcoscaceres
authored
Editorial: fix bikeshed warnings (#276)
1 parent 1c2a8d4 commit ac1d176

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

index.bs

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1020,7 +1020,7 @@ spec:css-syntax-3;
10201020

10211021
1. If |permission| is null, continue.
10221022

1023-
1. If |document| is **not** [=allowed to use=] |permission|, return
1023+
1. If |document| is **not** [=/allowed to use=] |permission|, return
10241024
[=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.
10251025

10261026
1. Let |p| be [=a new promise=].
@@ -1218,7 +1218,7 @@ spec:css-syntax-3;
12181218

12191219
1. If |permission| is null, continue.
12201220

1221-
1. If |document| is **not** [=allowed to use=] |permission|, return
1221+
1. If |document| is **not** [=/allowed to use=] |permission|, return
12221222
[=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.
12231223

12241224
1. If <code>|options|.{{CredentialRequestOptions/signal}}</code> is [=AbortSignal/aborted=],
@@ -2244,14 +2244,14 @@ spec:css-syntax-3;
22442244
which restricts the endpoints to which data can be sent. In particular, developers should ensure
22452245
that the following directives are set, explicitly or implicitly, in their pages' policies:
22462246

2247-
* [=`script-src`=] and [=`object-src`=] both restrict script execution on a page, making
2247+
* [=script-src=] and [=object-src=] both restrict script execution on a page, making
22482248
it less likely that a cross-site scripting attack will succeed in the first place. If sites
2249-
are populating <{form}> elements, also [=`form-action`=] directives should be set.
2249+
are populating <{form}> elements, also [=form-action=] directives should be set.
22502250

2251-
* [=`connect-src`=] restricts the origins to which <a lt=fetch(input)><code>fetch()</code></a>
2252-
may submit data (which mitigates the risk that credentials could be exfiltrated to `evil.com`.
2251+
* [=connect-src=] restricts the origins to which <a lt=fetch(input)><code>fetch()</code></a>
2252+
may submit data (which mitigates the risk that credentials could be exfiltrated to `evil.com`).
22532253

2254-
* [=`child-src`=] restricts the nested browsing contexts which may be embedded in a page,
2254+
* [=child-src=] restricts the nested browsing contexts which may be embedded in a page,
22552255
making it more difficult to inject a malicious `postMessage()` target. [[HTML]]
22562256

22572257
Developers should, of course, also properly escape input and output, and consider using other

0 commit comments

Comments
 (0)