From e6ad27b114b3de65203c5247ccf12ef00f4c6a41 Mon Sep 17 00:00:00 2001
From: Domenic Denicola <d@domenic.me>
Date: Wed, 8 Sep 2021 13:39:21 -0400
Subject: [PATCH] Change "can have its URL rewritten" to be scheme-based

Closes #6836. Closes #6992 by superseding it.
---
 source | 188 +++++++++++++++++++++++++++++++--------------------------
 1 file changed, 104 insertions(+), 84 deletions(-)

diff --git a/source b/source
index 0201c6716a6..e6e9a4802ff 100644
--- a/source
+++ b/source
@@ -85117,108 +85117,128 @@ interface <dfn interface>History</dfn> {
   </div>
 
   <p>A <code>Document</code> <var>document</var> <dfn>can have its URL rewritten</dfn> to a
-  <span>URL</span> <var>url</var> if the following algorithm returns true:</p>
+  <span>URL</span> <var>targetURL</var> if the following algorithm returns true:</p>
 
   <ol>
    <li><p>Let <var>documentURL</var> be <var>document</var>'s <span
    data-x="concept-document-url">URL</span>.</p></li>
 
-   <li><p>If <var>url</var> and <var>documentURL</var> differ in their <span
+   <li><p>If <var>targetURL</var> and <var>documentURL</var> differ in their <span
    data-x="concept-url-scheme">scheme</span>, <span data-x="concept-url-username">username</span>,
    <span data-x="concept-url-password">password</span>, <span
    data-x="concept-url-host">host</span>, or <span data-x="concept-url-port">port</span>
    components, then return false.</p></li>
 
-   <li>
-    <p>If <var>url</var>'s <span data-x="concept-url-origin">origin</span> is not <span>same
-    origin</span> with <var>document</var>'s <span data-x="concept-document-origin">origin</span>,
-    and <var>url</var> and <var>documentURL</var> differ in their <span
-    data-x="concept-url-path">path</span> or <span data-x="concept-url-query">query</span>
-    components, then return false.</p>
+   <li><p>If <var>targetURL</var>'s <span data-x="concept-url-scheme">scheme</span> is an
+   <span>HTTP(S) scheme</span>, then return true. (Differences in <span
+   data-x="concept-url-path">path</span>, <span data-x="concept-url-query">query</span>, and <span
+   data-x="concept-url-fragment">fragment</span> are allowed for <code data-x="http
+   protocol">http:</code> and <code data-x="https protocol">https:</code> URLs.)</p></li>
 
-    <p class="note">Even when the previous step's condition passes, the origins can mismatch due to
-    sandboxing causing <var>document</var>'s <span data-x="concept-document-origin">origin</span>
-    to be <span data-x="concept-origin-opaque">opaque</span>, or in cases where
-    <var>document</var>'s <span data-x="concept-document-origin">origin</span> is inherited from
-    its creator and doesn't match its <span data-x="concept-document-url">URL</span>.</p>
-   </li>
+   <li><p>If <var>targetURL</var>'s <span data-x="concept-url-scheme">scheme</span> is "<code
+   data-x="">file</code>", and <var>targetURL</var> and <var>documentURL</var> differ in their
+   <span data-x="concept-url-path">path</span> component, then return false. (Differences in <span
+   data-x="concept-url-query">query</span> and <span data-x="concept-url-fragment">fragment</span>
+   are allowed for <code data-x="">file:</code> URLs.)</p></li>
+
+   <li><p>If <var>targetURL</var> and <var>documentURL</var> differ in their <span
+   data-x="concept-url-path">path</span> component or <span data-x="concept-url-query">query</span>
+   components, then return false. (Only differences in <span
+   data-x="concept-url-fragment">fragment</span> are allowed for other types of URLs.)</p></li>
 
    <li><p>Return true.</p></li>
   </ol>
 
   <div class="example">
    <table>
-    <tr>
-     <th><code>Document</code>'s <span data-x="concept-document-origin">origin</span>
-     <th><code>Document</code>'s <span data-x="concept-document-url">URL</span>
-     <th>target URL
-     <th><span>can have its URL rewritten</span>
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">https://example.com/home</code>
-     <td><code data-x="">https://example.com/shop</code>
-     <td>✅
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">https://example.com/home</code>
-     <td><code data-x="">https://user:pass@example.com/home</code>
-     <td>❌
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">about:blank</code>
-     <td><code data-x="">about:blank#hash</code>
-     <td>✅
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">about:blank</code>
-     <td><code data-x="">about:blank?search</code>
-     <td>❌
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">about:blank</code>
-     <td><code data-x="">about:srcdoc</code>
-     <td>❌
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
-     <td><code data-x="">blob:https://example.com/anything</code>
-     <td>✅
-    <tr>
-     <td>("<code data-x="">https</code>", "<code data-x="">example.com</code>", null, null)
-     <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
-     <td><code data-x="">blob:https://example.org/anything</code>
-     <td>❌
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">https://example.com/home</code>
-     <td><code data-x="">https://example.com/home#about</code>
-     <td>✅
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">https://example.com/home</code>
-     <td><code data-x="">https://example.com/home?page=shop</code>
-     <td>❌
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">https://example.com/home</code>
-     <td><code data-x="">https://example.com/shop</code>
-     <td>❌
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">data:text/html,foo</code>
-     <td><code data-x="">data:text/html,foo#hash</code>
-     <td>✅
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">data:text/html,foo</code>
-     <td><code data-x="">data:text/html,foo?search</code>
-     <td>❌
-    <tr>
-     <td><span data-x="concept-origin-opaque">opaque</span>
-     <td><code data-x="">data:text/html,foo</code>
-     <td><code data-x="">data:bar</code>
-     <td>❌
+    <thead>
+     <tr>
+      <th><var>document</var>'s <span data-x="concept-document-url">URL</span>
+      <th><var>targetURL</var>
+      <th><span>can have its URL rewritten</span>
+    <tbody>
+     <tr>
+      <td><code data-x="">https://example.com/home</code>
+      <td><code data-x="">https://example.com/home#about</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">https://example.com/home</code>
+      <td><code data-x="">https://example.com/home?page=shop</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">https://example.com/home</code>
+      <td><code data-x="">https://example.com/shop</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">https://example.com/home</code>
+      <td><code data-x="">https://user:pass@example.com/home</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">https://example.com/home</code>
+      <td><code data-x="">http://example.com/home</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">file:///path/to/x</code>
+      <td><code data-x="">file:///path/to/x#hash</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">file:///path/to/x</code>
+      <td><code data-x="">file:///path/to/x?search</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">file:///path/to/x</code>
+      <td><code data-x="">file:///path/to/y</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">about:blank</code>
+      <td><code data-x="">about:blank#hash</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">about:blank</code>
+      <td><code data-x="">about:blank?search</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">about:blank</code>
+      <td><code data-x="">about:srcdoc</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">data:text/html,foo</code>
+      <td><code data-x="">data:text/html,foo#hash</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">data:text/html,foo</code>
+      <td><code data-x="">data:text/html,foo?search</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">data:text/html,foo</code>
+      <td><code data-x="">data:text/html,bar</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">data:text/html,foo</code>
+      <td><code data-x="">data:bar</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43#hash</code>
+      <td>✅
+     <tr>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43?search</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
+      <td><code data-x="">blob:https://example.com/anything</code>
+      <td>❌
+     <tr>
+      <td><code data-x="">blob:https://example.com/77becafe-657b-4fdc-8bd3-e83aaa5e8f43</code>
+      <td><code data-x="">blob:path</code>
+      <td>❌
    </table>
+
+   <p>Note how only the <span data-x="concept-document-url">URL</span> of the <code>Document</code>
+   matters, and not its <span data-x="concept-document-origin">origin</span>. They can mismatch in
+   cases like the <span data-x="is initial about:blank">initial <code>about:blank</code></span>
+   <code>Document</code> or in sandboxed <code>iframe</code>s.</p>
   </div>
 
   <div class="example">