From d04a7ddff3b480e8beaeab564798a00e1cfded47 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 29 Nov 2024 09:42:59 +0100
Subject: [PATCH] Editorial: check forbidden domain code points in domain to
 ASCII

Fixes #818.
---
 url.bs | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/url.bs b/url.bs
index 2f475eb..dfca47a 100644
--- a/url.bs
+++ b/url.bs
@@ -116,16 +116,6 @@ valid input. User agents, especially conformance checkers, are encouraged to rep
     <p class=note>If details about <a abstract-op lt=ToASCII>Unicode ToASCII</a> errors are
     recorded, user agents are encouraged to pass those along.
    <td class=yes>Yes
-  <tr>
-   <td><dfn>domain-to-Unicode</dfn>
-   <td>
-    <p><a abstract-op lt=ToUnicode>Unicode ToUnicode</a> records an error. [[UTS46]]
-    <p class=note>The same considerations as with <a>domain-to-ASCII</a> apply.
-   <td class=no>·
- <tbody>
-  <tr>
-   <th colspan=3 scope=rowgroup><a href=#host-parsing>Host parsing</a>
-  <!-- host parser -->
   <tr>
    <td><dfn>domain-invalid-code-point</dfn>
    <td>
@@ -137,6 +127,15 @@ valid input. User agents, especially conformance checkers, are encouraged to rep
      <p>"<code>https://exa%23mple.org</code>"
     </div>
    <td class=yes>Yes
+  <tr>
+   <td><dfn>domain-to-Unicode</dfn>
+   <td>
+    <p><a abstract-op lt=ToUnicode>Unicode ToUnicode</a> records an error. [[UTS46]]
+    <p class=note>The same considerations as with <a>domain-to-ASCII</a> apply.
+   <td class=no>·
+ <tbody>
+  <tr>
+   <th colspan=3 scope=rowgroup><a href=#host-parsing>Host parsing</a>
   <!-- opaque-host parser -->
   <tr>
    <td><dfn>host-invalid-code-point</dfn>
@@ -899,7 +898,7 @@ concepts.
 <h3 id=idna>IDNA</h3>
 
 <div algorithm>
-<p>The <dfn id=concept-domain-to-ascii>domain to ASCII</dfn> algorithm, given a <a>string</a>
+<p>The <dfn id=concept-domain-to-ascii>domain to ASCII</dfn> algorithm, given a <a for=/>string</a>
 <var>domain</var> and a boolean <var>beStrict</var>, runs these steps:
 
 <ol>
@@ -921,6 +920,18 @@ concepts.
  <li><p>If <var>result</var> is the empty string, <a>domain-to-ASCII</a> <a>validation error</a>,
  return failure.
 
+ <li>
+  <p>If <var>beStrict</var> is false and <var>result</var> contains a
+  <a>forbidden domain code point</a>, <a>domain-invalid-code-point</a> <a>validation error</a>,
+  return failure.
+
+  <p class=note>Due to web compatibility and compatibility with non-DNS-based systems the
+  <a>forbidden domain code points</a> are a subset of those disallowed when <i>UseSTD3ASCIIRules</i>
+  is true. See also <a href="https://github.com/whatwg/url/issues/397">issue #397</a>.
+
+ <li><p><a for=/>Assert</a>: <var>result</var> does not contain a
+ <a>forbidden domain code point</a>.
+
  <li><p>Return <var>result</var>.
 </ol>
 
@@ -1034,9 +1045,6 @@ false), and then runs these steps. They return failure or a <a for=/>host</a>.
 
  <li><p>If <var>asciiDomain</var> is failure, then return failure.
 
- <li><p>If <var>asciiDomain</var> contains a <a>forbidden domain code point</a>,
- <a>domain-invalid-code-point</a> <a>validation error</a>, return failure.
-
  <li><p>If <var>asciiDomain</var> <a lt="ends in a number checker">ends in a number</a>, then return
  the result of <a lt="IPv4 parser">IPv4 parsing</a> <var>asciiDomain</var>.