From 4af672b91e797b537d36384e26176e994b647d4a Mon Sep 17 00:00:00 2001
From: Dominique Hazael-Massieux <dom@w3.org>
Date: Wed, 4 Sep 2024 14:34:04 +0200
Subject: [PATCH] Reject ICE servers with an authority component or /

Complete integration of URL parser from #2853
see also https://github.com/w3c/webrtc-pc/issues/2997#issuecomment-2328528755
This aligns with the constraints set in the respective RFC (and thus with the current WebRTC Rec)
---
 amendments.json |  2 +-
 webrtc.html     | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/amendments.json b/amendments.json
index a9e2017a1..e52c9c3b4 100644
--- a/amendments.json
+++ b/amendments.json
@@ -55,7 +55,7 @@
     },
     {
       "description": "Use the url spec to parse ice server urls",
-      "pr": 2853,
+      "pr": [2853, 2998],
       "type": "correction",
       "status": "candidate",
       "id": 33
diff --git a/webrtc.html b/webrtc.html
index 97982864d..31d9c54cc 100644
--- a/webrtc.html
+++ b/webrtc.html
@@ -3058,7 +3058,7 @@ <h4>
                     <ol>
                       <li>
                         <p>Let <var>parsedURL</var> be the result of
-                        <a data-cite="!url#concept-url-parser">parsing</a>
+                        [=basic url parser|parsing=]
                         <var>url</var>.</p>
                       </li>
                       <li>
@@ -3069,9 +3069,10 @@ <h4>
                           <li><var>parsedURL</var>'s [=url/scheme=] is neither `"stun"`,
                           `"stuns"`, `"turn"`, nor `"turns"`</li>
                           <li><var>parsedURL</var> does not have an [=url/opaque path=]</li>
-                          <li><var>parsedURL</var>'s' [=url/fragment=] is non-null</li>
-                          <li><var>parsedURL</var>'s' [=url/scheme=] is `"stun"` or `"stuns"`,
-                          and <var>parsedURL</var>'s' [=url/query=] is non-null</li>
+			  <li><var>parsedURL</var>'s [=url/opaque path=] contains one or more `"/"` or `"@"`</li>
+                          <li><var>parsedURL</var>'s [=url/fragment=] is non-null</li>
+                          <li><var>parsedURL</var>'s [=url/scheme=] is `"stun"` or `"stuns"`,
+                          and <var>parsedURL</var>'s [=url/query=] is non-null</li>
                         </ul>
                       </li>
                       <li>
@@ -3080,12 +3081,13 @@ <h4>
                       </li>
                       <li>
                         <p>Let <var>hostAndPortURL</var> be result of
-                        <a data-cite="!url#concept-url-parser">parsing</a> the concatenation of
+                        [=basic url parser|parsing=] the concatenation of
                         `"https://"` and <var>parsedURL</var>'s [=url/path=].</p>
                       </li>
                       <li>
                         <p>If <var>hostAndPortURL</var> is failure, then [=exception/throw=] a
                         "{{SyntaxError}}" {{DOMException}}.</p>
+			<p>If <var>hostAndPortURL</var>'s [=url/path=], [=url/username=], or [=url/password=] is non-null, then [=exception/throw=] a "{{SyntaxError}}" {{DOMException}}.</p>
                         <p class="note">For "stun" and "stuns" schemes, this validates
                         [[!RFC7064]] section 3.1.<br>
                         For "turn" and "turns" schemes, this and the steps below validate