diff --git a/index.html b/index.html index 1a6e0d0..822ded0 100644 --- a/index.html +++ b/index.html @@ -161,32 +161,18 @@

  • [=Consume user activation=] of |window|.
    • -
  • If none of |data|'s members {{ShareData/title}}, - {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are - present, return a promise rejected with a {{TypeError}}. +
  • Let |base:URL| be [=this=]'s relevant settings object's + [=environment settings object/API base URL=].
    • -
  • If |data|'s {{ShareData/files}} member is present: -
      -
    1. If |data|'s {{ShareData/files}} member is empty, or if the - implementation does not support file sharing, return a - promise rejected with a {{TypeError}}, and abort these - steps. -
      2. -
    +
  • If [=validate share data=] with |data| and |base| returns + false, then return [=a promise rejected with=] a {{TypeError}}.
  • If |data|'s {{ShareData/url}} member is present:
      -
    1. Let |base:URL| be the [=this=] value's relevant settings - object's [=environment settings object/api base URL=]. -
    2. Let |url:URL| be the result of running the URL parser on |data|'s {{ShareData/url}} with |base|.
      3. -
    3. If |url| is failure, return a promise rejected with - {{TypeError}}. -
      4. -
    4. If |url|'s [=URL/scheme=] is not "http" or "https", return - a promise rejected with {{TypeError}}. +
    5. Assert: |url| is {{URL}}.
    6. Set |data| to a copy of |data|, with its {{ShareData/url}} member set to the result of running the URL serializer @@ -271,6 +257,65 @@

      or bypassing the UI if there is only a single share target. +
      +

      + Validate share data +

      +

      + To validate share data with |data:ShareData| and + |base:URL|, run the following steps: +

      +
        +
      1. If none of |data|'s members {{ShareData/title}}, + {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are + present, return false. +
        2. +
      2. Let |titleTextOrUrl:boolean| be true if any of + {{ShareData/title}}, or {{ShareData/text}}, or {{ShareData/url}} is + present. +
        3. +
      3. If |data|'s {{ShareData/files}} member is present: +
          +
        1. If |titleTextOrUrl| is false and |data|'s + {{ShareData/files}} member is empty, return false. +

          + This causes a `{ files: [] }` dictionary to be treated as + an empty dictionary. However, passing a dictionary like + `{text: "text", files: []}` is fine, as `files` is just + ignored. +

          +
          2. +
        2. If the implementation does not support file sharing, return + false. +
          3. +
        3. If the user agent believes sharing any of the files in + `files` would result in a potentially hostile share, return + false. +
          4. +
        +
        4. +
      4. If |data|'s {{ShareData/url}} member is present: +
          +
        1. Let |url:URL| be the result of running the [=URL parser=] + on |data|'s {{ShareData/url}} member, with |base|, and no + encoding override. +
          2. +
        2. If |url| is failure, return false. +
          3. +
        3. +

          + If |url| is a URL the user agent deems potentially hostile + (e.g., "file:") or wouldn't make sense to outside the scope + of the document (e.g., "blob:"), return false. +

          + +
          4. +
        +
        5. +
      5. Return true. +
        6. +
      +