SRI: Fixed several broken title links.

joelweinberger · joelweinberger · commit c5abfd123ef1 · 2015-07-27T15:47:46.000-07:00
diff --git a/specs/subresourceintegrity/index.html b/specs/subresourceintegrity/index.html
@@ -424,7 +424,7 @@ <h4 id="priority">Priority</h4>
     <h3 id="response-verification-algorithms">Response verification algorithms</h3>
 
     <section>
-      <h4 id="apply-varalgorithmvar-to-varresponsevar">Apply <var>algorithm</var> to <var>response</var></h4>
+      <h4 id="apply-algorithm-to-response">Apply <var>algorithm</var> to <var>response</var></h4>
 
       <ol>
         <li>Let <var>result</var> be the result of <a href="#apply-algorithm-to-response">applying <var>algorithm</var></a>
@@ -436,11 +436,10 @@ <h4 id="apply-varalgorithmvar-to-varresponsevar">Apply <var>algorithm</var> to <
 <var>result</var>.</li>
         <li>Return <var>encodedResult</var>.</li>
       </ol>
-
     </section>
     <!-- Algorithms::apply -->
     <section>
-      <h4 id="is-varresponsevar-eligible-for-integrity-validation">Is <var>response</var> eligible for integrity validation</h4>
+      <h4 id="is-response-eligible-for-integrity-validation">Is <var>response</var> eligible for integrity validation</h4>
 
       <p>In order to mitigate an attacker’s ability to read data cross-origin by
 brute-forcing values via integrity checks, responses are only eligible for such
@@ -865,9 +864,6 @@ <h3 id="cross-origin-data-leakage">Cross-origin data leakage</h3>
 common usernames, and specify those hashes while repeatedly attempting
 to load the document.</p>
 
-    <p>User agents SHOULD mitigate the risk by refusing to fire <code>error</code> events
-on elements which loaded non-CORS cross-origin resources, but
-some side-channels will likely be difficult to avoid.</p>
   </section>
   <!-- /Security::cross-origin -->
 
diff --git a/specs/subresourceintegrity/spec.markdown b/specs/subresourceintegrity/spec.markdown
@@ -301,6 +301,8 @@ only to simplify the algorithm description.
 
 <section>
 #### Apply <var>algorithm</var> to <var>response</var>
+{: #apply-algorithm-to-response}
+[apply-algorithm]: #apply-algorithm-to-response
 
 1.  Let <var>result</var> be the result of [applying <var>algorithm</var>][apply-algorithm]
     to the [representation data][representationdata] without any content-codings
@@ -310,11 +312,10 @@ only to simplify the algorithm description.
 2.  Let <var>encodedResult</var> be result of base64-encoding
     <var>result</var>.
 3.  Return <var>encodedResult</var>.
-
-[apply-algorithm]: #apply-algorithm-to-response
 </section><!-- Algorithms::apply -->
 <section>
 #### Is <var>response</var> eligible for integrity validation
+{: #is-response-eligible-for-integrity-validation}
 [eligible]: #is-response-eligible-for-integrity-validation
 
 In order to mitigate an attacker's ability to read data cross-origin by
