@@ -161,32 +161,18 @@ <h4>
161161 </ li >
162162 < li > [=Consume user activation=] of |window|.
163163 </ li >
164- < li > If none of |data|'s members {{ShareData/title}},
165- {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
166- present, return < a > a promise rejected with</ a > a {{TypeError}}.
164+ < li > Let |base:URL| be [=this=]'s < a > relevant settings object</ a > 's
165+ [=environment settings object/API base URL=].
167166 </ li >
168- < li > If |data|'s {{ShareData/files}} member is present:
169- < ol >
170- < li > If |data|'s {{ShareData/files}} member is empty, or if the
171- implementation does not support file sharing, return < a > a
172- promise rejected with</ a > a {{TypeError}}, and abort these
173- steps.
174- </ li >
175- </ ol >
167+ < li > If [=validate share data=] with |data| and |base| returns
168+ false, then return [=a promise rejected with=] a {{TypeError}}.
176169 </ li >
177170 < li > If |data|'s {{ShareData/url}} member is present:
178171 < ol >
179- < li > Let |base:URL| be the [=this=] value's < a > relevant settings
180- object</ a > 's [=environment settings object/api base URL=].
181- </ li >
182172 < li > Let |url:URL| be the result of running the < a > URL
183173 parser</ a > on |data|'s {{ShareData/url}} with |base|.
184174 </ li >
185- < li > If |url| is failure, return < a > a promise rejected with</ a >
186- {{TypeError}}.
187- </ li >
188- < li > If |url|'s [=URL/scheme=] is not "http" or "https", return
189- < a > a promise rejected with</ a > {{TypeError}}.
175+ < li > Assert: |url| is {{URL}}.
190176 </ li >
191177 < li > Set |data| to a copy of |data|, with its {{ShareData/url}}
192178 member set to the result of running the < a > URL serializer</ a >
@@ -271,6 +257,65 @@ <h4>
271257 or bypassing the UI if there is only a single share target.
272258 </ div >
273259 </ section >
260+ < section >
261+ < h3 >
262+ Validate share data
263+ </ h3 >
264+ < p >
265+ To < dfn > validate share data</ dfn > with |data:ShareData| and
266+ |base:URL|, run the following steps:
267+ </ p >
268+ < ol class ="algorithm ">
269+ < li > If none of |data|'s members {{ShareData/title}},
270+ {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
271+ present, return false.
272+ </ li >
273+ < li > Let |titleTextOrUrl:boolean| be true if any of
274+ {{ShareData/title}}, or {{ShareData/text}}, or {{ShareData/url}} is
275+ present.
276+ </ li >
277+ < li > If |data|'s {{ShareData/files}} member is present:
278+ < ol >
279+ < li > If |titleTextOrUrl| is false and |data|'s
280+ {{ShareData/files}} member is empty, return false.
281+ < p class ="note ">
282+ This causes a `{ files: [] }` dictionary to be treated as
283+ an empty dictionary. However, passing a dictionary like
284+ `{text: "text", files: []}` is fine, as `files` is just
285+ ignored.
286+ </ p >
287+ </ li >
288+ < li > If the implementation does not support file sharing, return
289+ false.
290+ </ li >
291+ < li > If the user agent believes sharing any of the files in
292+ `files` would result in a potentially hostile share, return
293+ false.
294+ </ li >
295+ </ ol >
296+ </ li >
297+ < li > If |data|'s {{ShareData/url}} member is present:
298+ < ol >
299+ < li > Let |url:URL| be the result of running the [=URL parser=]
300+ on |data|'s {{ShareData/url}} member, with |base|, and no
301+ encoding override.
302+ </ li >
303+ < li > If |url| is failure, return false.
304+ </ li >
305+ < li >
306+ < p >
307+ If |url| is a URL the user agent deems potentially hostile
308+ (e.g., "file:") or wouldn't make sense to outside the scope
309+ of the document (e.g., "blob:"), return false.
310+ </ p >
311+ < aside class ="issue " data-number ="178 "> </ aside >
312+ </ li >
313+ </ ol >
314+ </ li >
315+ < li > Return true.
316+ </ li >
317+ </ ol >
318+ </ section >
274319 </ section >
275320 < section data-dfn-for ="ShareData ">
276321 < h3 >
0 commit comments