@@ -385,6 +385,19 @@ <h3>
385385 < h3 >
386386 Validate share data
387387 </ h3 >
388+ < p >
389+ A < dfn > sharable scheme</ dfn > is any of the following [=URL=]
390+ [=URL/schemes=]:
391+ </ p >
392+ < ul >
393+ < li > `http`
394+ </ li >
395+ < li > `https`
396+ </ li >
397+ < li > Any [=safelisted scheme=] that the user agent supports for the
398+ purpose of sharing.
399+ </ li >
400+ </ ul >
388401 < p >
389402 To < dfn > validate share data</ dfn > with |data:ShareData| and
390403 |base:URL|, run the following steps:
@@ -427,13 +440,11 @@ <h3>
427440 </ li >
428441 < li > If |url| is failure, return false.
429442 </ li >
430- < li >
431- < p >
432- If |url| is a URL the user agent deems potentially hostile
433- (e.g., "file:") or wouldn't make sense to outside the scope
434- of the document (e.g., "blob:"), return false.
435- </ p >
436- < aside class ="issue " data-number ="178 "> </ aside >
443+ < li > If the |url|'s [=URL/scheme=] is a [=local scheme=], or
444+ `file`, or `javascript`, or `ws`, or `wss`, return false.
445+ </ li >
446+ < li > If |url|'s [=URL/scheme=] is not a [=sharable scheme=],
447+ return false.
437448 </ li >
438449 </ ol >
439450 </ li >
@@ -592,10 +603,13 @@ <h2>
592603 Security and privacy considerations
593604 </ h2 >
594605 < p >
595- Web Share enables data to be sent from websites to native applications.
596- While this ability is not unique to Web Share, it does come with a
597- number of potential security issues that can vary in severity
598- (depending on the underlying platform).
606+ Web Share enables data to be sent from websites to a [=share target=],
607+ which can be a native applications. While this ability is not unique to
608+ Web Share, it does come with a number of potential security risks that
609+ can vary in severity (depending on the underlying platform).
610+ </ p >
611+ < p >
612+ The following points are worth considering:
599613 </ p >
600614 < ul >
601615 < li > The API does not expose to the website which [=share targets=] are
@@ -641,11 +655,11 @@ <h2>
641655 buffer overflow or other remote code execution vulnerabilities in
642656 native applications that receive shares. There is no general way to
643657 guard against this, but implementors will want to be aware that it is a
644- possibility.
658+ possibility (particularly when sharing files) .
645659 </ li >
646660 < li >
647661 < p >
648- Share targets that dereference a shared URL and forward that
662+ [= Share targets=] that dereference a shared URL and forward that
649663 information on might inadvertently forward information that might
650664 be otherwise confidential. This can lead to unexpected information
651665 leakage if shares reference content that is only accessible by that
656670 by providing URLs that ultimately resolve to local resources,
657671 including, but not limited to, "file:" URLs or local services that
658672 might otherwise be inaccessible. Even though this API limits shared
659- URLS to "http:" and "https:", use of redirects to other URLs or
660- tweaks to DNS records for hosts in those URLs might be used to
661- cause applications to acquire content.
673+ URLS to a restricted set of [=sharable schemes=], use of redirects
674+ to other URLs or tweaks to DNS records for hosts in those URLs
675+ might be used to cause applications to acquire content.
662676 </ p >
663677 < p >
664678 To avoid being used in these attacks, share targets can consume the
0 commit comments