diff --git a/url.bs b/url.bs index b42bdfc8..d5c0f23b 100644 --- a/url.bs +++ b/url.bs @@ -273,8 +273,8 @@ U+0020 SPACE, U+0023 (#), U+0025 (%), U+002F (/), U+003A (:), U+003F (?), U+0040 U+005C (\), or U+005D (]).

A host's public suffix is the portion of a -host which is included on the Public Suffix List [[!PSL]]. To obtain -host's public suffix, run these steps: +host which is included on the Public Suffix List. To obtain +host's public suffix, run these steps: [[!PSL]]

  1. If host is not a domain, then return null. @@ -285,9 +285,8 @@ U+005C (\), or U+005D (]).

A host's registrable domain is a domain formed by -the most specific public suffix, along with the domain label immediately preceeding it. If no such -label is available, the registrable domain is null. To obtain host's -registrable domain, run these steps: +the most specific public suffix, along with the domain label immediately preceeding it, if any. To +obtain host's registrable domain, run these steps:

  1. If host's public suffix is null or host's @@ -295,7 +294,7 @@ label is available, the registrable domain is null. To obtain

    Return the registrable domain obtained by executing the algorithm defined by the Public Suffix List on - host. [[!PSL]]. + host. [[!PSL]]

@@ -351,45 +350,45 @@ label is available, the registrable domain is null. To obtain same site with each other if either of the following statements are true:
-

Assuming that suffix.example is a public suffix, and that +

Assuming that suffix.example is a public suffix and that example.com is not:

-

Specifications should avoid relying on "public suffix", +

Specifications should avoid depending on "public suffix", "registrable domain", and "same site". The public suffix list will diverge from client to client, and cannot be relied-upon to provide a hard security boundary. Specifications which ignore this advice are encouraged to carefully consider whether URLs' schemes ought to be -incorporated into any decision made based upon whether or not two hosts are same -site. HTML's same origin-domain concept is a reasonable example of this consideration in -practice. +incorporated into any decision made based upon whether or not two hosts are +same site. HTML's same origin-domain concept is a reasonable example of this +consideration in practice.

IDNA
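Review bot: In the `@@ -273,8 +273,8 @@` hunk the reference now trails the colon ("run these steps: [[!PSL]]"), so it sits between the lead-in and step 1 rather than with the sentence that names the Public Suffix List. In the `@@ -295,7 +294,7 @@` hunk it follows a complete sentence ("host. [[!PSL]]"). Consider the same placement here, for example directly after "included on the Public Suffix List.", so the steps' lead-in still ends on its colon.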
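Review bot: In the `@@ -285,9 +285,8 @@` hunk, replacing "If no such label is available, the registrable domain is null." with ", if any" removes the only prose statement of the null case. The new wording can be read as saying that a host which is itself a public suffix has that suffix as its registrable domain. The same-site definition later in the file builds on registrable domain, so this reading matters; either keep an explicit sentence saying the result is null when no label precedes the suffix, or confirm that step 1 covers it (its condition is cut off in the visible context). While the line is being rewritten, "preceeding" should be "preceding".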
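Review bot: In the `@@ -351,45 +350,45 @@` hunk the note now opens with "avoid depending on" but the next sentence still reads "cannot be relied-upon"; drop the hyphen ("relied upon") since the paragraph is already being touched. The last three changed lines only move line breaks ("same site. HTML's same origin-domain concept ... consideration in practice."), so consider leaving the wrap as it was to keep the diff limited to the wording change. The unchanged lead-in "if either of the following statements are true" would also read better as "is true".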