Merge pull request #441 from metromoxie/sri-fix-broken-links

joelweinberger · joelweinberger · commit ab46bff685b2 · 2015-07-27T18:49:54.000-05:00
SRI: Fix broken links to section headers.
diff --git a/specs/subresourceintegrity/index.html b/specs/subresourceintegrity/index.html
@@ -380,7 +380,7 @@ <h4 id="agility">Agility</h4>
 
       <p>In this case, the user agent will choose the strongest hash function in the
 list, and use that metadata to validate the response (as described below in
-the “<a href="#parse-metadata.x">parse metadata</a>” and “<a href="#get-the-strongest-metadata-from-set.x">get the strongest metadata from
+the “<a href="#parse-metadata">parse metadata</a>” and “<a href="#get-the-strongest-metadata-from-set">get the strongest metadata from
 set</a>” algorithms).</p>
 
       <p>When a hash function is determined to be insecure, user agents SHOULD deprecate
@@ -424,7 +424,7 @@ <h4 id="priority">Priority</h4>
     <h3 id="response-verification-algorithms">Response verification algorithms</h3>
 
     <section>
-      <h4 id="apply-varalgorithmvar-to-varresponsevar">Apply <var>algorithm</var> to <var>response</var></h4>
+      <h4 id="apply-algorithm-to-response">Apply <var>algorithm</var> to <var>response</var></h4>
 
       <ol>
         <li>Let <var>result</var> be the result of <a href="#apply-algorithm-to-response">applying <var>algorithm</var></a>
@@ -436,11 +436,10 @@ <h4 id="apply-varalgorithmvar-to-varresponsevar">Apply <var>algorithm</var> to <
 <var>result</var>.</li>
         <li>Return <var>encodedResult</var>.</li>
       </ol>
-
     </section>
     <!-- Algorithms::apply -->
     <section>
-      <h4 id="is-varresponsevar-eligible-for-integrity-validation">Is <var>response</var> eligible for integrity validation</h4>
+      <h4 id="is-response-eligible-for-integrity-validation">Is <var>response</var> eligible for integrity validation</h4>
 
       <p>In order to mitigate an attacker’s ability to read data cross-origin by
 brute-forcing values via integrity checks, responses are only eligible for such
@@ -481,7 +480,7 @@ <h4 id="is-varresponsevar-eligible-for-integrity-validation">Is <var>response</v
     </section>
     <!-- Algorithms::eligible -->
     <section>
-      <h4 id="parse-varmetadatavar">Parse <var>metadata</var>.</h4>
+      <h4 id="parse-metadata">Parse <var>metadata</var>.</h4>
 
       <p>This algorithm accepts a string, and returns either <code>no metadata</code>, or a set of
 valid hash expressions whose hash functions are understood by
@@ -508,7 +507,7 @@ <h4 id="parse-varmetadatavar">Parse <var>metadata</var>.</h4>
     </section>
     <!-- Algorithms::parse -->
     <section>
-      <h4 id="get-the-strongest-metadata-from-varsetvar">Get the strongest metadata from <var>set</var>.</h4>
+      <h4 id="get-the-strongest-metadata-from-set">Get the strongest metadata from <var>set</var>.</h4>
 
       <ol>
         <li>Let <var>result</var> be the empty set and <var>strongest</var> be the empty
@@ -535,15 +534,15 @@ <h4 id="get-the-strongest-metadata-from-varsetvar">Get the strongest metadata fr
     </section>
     <!-- /Algorithms::get the strongest metadata -->
     <section>
-      <h4 id="does-varresponsevar-match-varmetadatalistvar">Does <var>response</var> match <var>metadataList</var>?</h4>
+      <h4 id="does-response-match-metadatalist">Does <var>response</var> match <var>metadataList</var>?</h4>
 
       <ol>
         <li>Let <var>parsedMetadata</var> be the result of
-<a href="#parse-metadata.x">parsing <var>metadataList</var></a>.</li>
+<a href="#parse-metadata">parsing <var>metadataList</var></a>.</li>
         <li>If <var>parsedMetadata</var> is <code>no metadata</code>, return <code>true</code>.</li>
         <li>If <a href="#is-response-eligible-for-integrity-validation"><var>response</var> is not eligible for integrity
 validation</a>, return <code>true</code>.</li>
-        <li>Let <var>metadata</var> be the result of <a href="#get-the-strongest-metadata-from-set.x">getting the strongest
+        <li>Let <var>metadata</var> be the result of <a href="#get-the-strongest-metadata-from-set">getting the strongest
 metadata from <var>parsedMetadata</var></a>.</li>
         <li>For each <var>item</var> in <var>metadata</var>:
           <ol>
@@ -586,7 +585,6 @@ <h4 id="does-varresponsevar-match-varmetadatalistvar">Does <var>response</var> m
 same-origin or CORS) should fail open since they are not the result of an attack
 in the threat model of this specification. However, user agents SHOULD report
 a warning message about this failure in the developer console.</p>
-
     </section>
     <!-- Algorithms::Match -->
   </section>
@@ -865,9 +863,6 @@ <h3 id="cross-origin-data-leakage">Cross-origin data leakage</h3>
 common usernames, and specify those hashes while repeatedly attempting
 to load the document.</p>
 
-    <p>User agents SHOULD mitigate the risk by refusing to fire <code>error</code> events
-on elements which loaded non-CORS cross-origin resources, but
-some side-channels will likely be difficult to avoid.</p>
   </section>
   <!-- /Security::cross-origin -->
 
diff --git a/specs/subresourceintegrity/spec.markdown b/specs/subresourceintegrity/spec.markdown
@@ -301,6 +301,8 @@ only to simplify the algorithm description.
 
 <section>
 #### Apply <var>algorithm</var> to <var>response</var>
+{: #apply-algorithm-to-response}
+[apply-algorithm]: #apply-algorithm-to-response
 
 1.  Let <var>result</var> be the result of [applying <var>algorithm</var>][apply-algorithm]
     to the [representation data][representationdata] without any content-codings
@@ -310,11 +312,10 @@ only to simplify the algorithm description.
 2.  Let <var>encodedResult</var> be result of base64-encoding
     <var>result</var>.
 3.  Return <var>encodedResult</var>.
-
-[apply-algorithm]: #apply-algorithm-to-response
 </section><!-- Algorithms::apply -->
 <section>
 #### Is <var>response</var> eligible for integrity validation
+{: #is-response-eligible-for-integrity-validation}
 [eligible]: #is-response-eligible-for-integrity-validation
 
 In order to mitigate an attacker's ability to read data cross-origin by
@@ -363,6 +364,8 @@ checking because it won't have loaded successfully.
 </section><!-- Algorithms::eligible -->
 <section>
 #### Parse <var>metadata</var>.
+{: #parse-metadata}
+[parse]: #parse-metadata
 
 This algorithm accepts a string, and returns either `no metadata`, or a set of
 valid hash expressions whose hash functions are understood by
@@ -385,6 +388,8 @@ the user agent.
 </section><!-- Algorithms::parse -->
 <section>
 #### Get the strongest metadata from <var>set</var>.
+{: #get-the-strongest-metadata-from-set}
+[get-the-strongest]: #get-the-strongest-metadata-from-set
 
 1.  Let <var>result</var> be the empty set and <var>strongest</var> be the empty
     string.
@@ -407,6 +412,8 @@ the user agent.
 </section><!-- /Algorithms::get the strongest metadata -->
 <section>
 #### Does <var>response</var> match <var>metadataList</var>?
+{: #does-response-match-metadatalist}
+[match]: #does-response-match-metadatalist
 
 1.  Let <var>parsedMetadata</var> be the result of
     [parsing <var>metadataList</var>][parse].
@@ -455,10 +462,6 @@ same-origin or CORS) should fail open since they are not the result of an attack
 in the threat model of this specification. However, user agents SHOULD report
 a warning message about this failure in the developer console.
 {:.note}
-
-[parse]: #parse-metadata.x
-[get-the-strongest]: #get-the-strongest-metadata-from-set.x
-[match]: #does-response-match-metadatalist
 </section><!-- Algorithms::Match -->
 </section><!-- Algorithms -->
 
@@ -541,6 +544,7 @@ for all possible subresources, i.e., `a`, `audio`, `embed`, `iframe`, `img`,
 
 <section>
 #### The `integrity` attribute
+{: #the-integrity-attribute}
 
 The `integrity` attribute represents [integrity metadata][] for an element.
 The value of the attribute MUST be either the empty string, or at least one
@@ -612,6 +616,7 @@ failed resource with a different one.
 
 <section>
 ###### The `link` element for stylesheets
+{: #the-link-element-for-stylesheets}
 
 Whenever a user agent attempts to [obtain a resource][] pointed to by a
 `link` element that has a `rel` attribute with the keyword of `stylesheet`,
@@ -630,6 +635,7 @@ value of the element's `integrity` attribute.
 
 <section>
 ###### The `script` element
+{: #the-script-element}
 
 Replace step 14.1 of HTML5's ["prepare a script" algorithm][prepare] with:
 
