From 462fdc14732aae4b0b9c5334f37962d8c235caf9 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 15 Mar 2017 09:37:07 +0100
Subject: [PATCH] Restrict protocol around "file"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As file URLs cannot have username/password/port we don’t want to allow changing the scheme of a URL that contains one or more of those components.

Similarly a file URL can have an empty/null host, changing the scheme to another special URL that cannot have such a host would be bad.

Fixes #259 and fixes #270.
---
 url.bs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/url.bs b/url.bs
index ec35294e..6c566e1d 100644
--- a/url.bs
+++ b/url.bs
@@ -1495,6 +1495,12 @@ string <var>input</var>, optionally with a <a>base URL</a> <var>base</var>, opti
 
          <li><p>If <var>url</var>'s <a for=url>scheme</a> is not a <a>special scheme</a> and
          <var>buffer</var> is, then return.
+
+         <li><p>If <var>url</var> <a>includes credentials</a> or has a non-null <a for=url>port</a>,
+         and <var>buffer</var> is "<code>file</code>", then return.
+
+         <li><p>If <var>url</var>'s <a for=url>scheme</a> is "<code>file</code>" and its
+         <a for=url>host</a> is an <a>empty host</a> or null, then return.
         </ol>
 
        <li><p>Set <var>url</var>'s <a for=url>scheme</a> to <var>buffer</var>.