w3c · marcoscaceres · Aug 17, 2021 · Sep 18, 2020 · Sep 21, 2020 · Sep 21, 2020
diff --git a/index.html b/index.html
@@ -47,7 +47,7 @@
       };
     
   
-  
+   secure-contexts
     
       
         This specification defines an API for sharing text, links and other
@@ -147,7 +147,7 @@
           
             If the current settings object's responsible document is not
             allowed to use the "[=web-share-feature|web-share=]"
-            permission, return [=a promise rejected with=] with a
+            permission, return [=a promise rejected with=] a
             {{"NotAllowedError"}} {{DOMException}}.
             
             If {{[[sharePromise]]}} is not `null`, return a promise
@@ -161,32 +161,21 @@
             
             [=Consume user activation=] of |window|.
             
-            If none of |data|'s members {{ShareData/title}},
-            {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/file}} are
-            present, return a promise rejected with a {{TypeError}}.
+            If {{[[sharePromise]]}} is not `null`, return [=a promise
+            rejected with=] {{InvalidStateError}}.
             
-            If |data|'s {{ShareData/files}} member is present:
-              
-                If |data|'s {{ShareData/files}} member is empty, or if the
-                implementation does not support file sharing, return a
-                promise rejected with a {{TypeError}}, and abort these
-                steps.
-                
-              
+            Let |base:URL| be the [=this=] value's relevant settings
+            object's [=environment settings object/api base URL=].
+            
+            If [=validate share data=] with |data| and |base| returns
+            false, then return [=a promise rejected with=] a {{TypeError}}.
             
             If |data|'s {{ShareData/url}} member is present:
               
-                Let |base:URL| be the [=this=] value's relevant settings
-                object's [=environment settings object/api base URL=].
-                
                 Let |url:URL| be the result of running the URL
                 parser on |data|'s {{ShareData/url}} with |base|.
                 
-                If |url| is failure, return a promise rejected with
-                {{TypeError}}.
-                
-                If |url|'s [=URL/scheme=] is not "http" or "https", return
-                a promise rejected with {{TypeError}}.
+                Assert: |url| is {{URL}}.
                 
                 Set |data| to a copy of |data|, with its {{ShareData/url}}
                 member set to the result of running the URL serializer
@@ -195,7 +184,7 @@
               
             
             If a file type is being blocked due to security considerations,
-            return a promise rejected with
+            return [=a promise rejected with=] with a {{"NotAllowedError"}}
             {{DOMException}}.
             
             Set {{[[sharePromise]]}} to be a new promise.
@@ -269,6 +258,55 @@
             or bypassing the UI if there is only a single share target.
           
         
+        
+          
+            Validate share data
+          
+          
+            To validate share data with |data:ShareData| and
+            |base:URL|, run the following steps:
+          
+          
+            If none of |data|'s members {{ShareData/title}},
+            {{ShareData/text}}, or {{ShareData/url}} or {{ShareData/files}} are
+            present, return false.
+            
+            Let |titleTextOrUrl:boolean| be true if any of
+            {{ShareData/title}}, or {{ShareData/text}}, or {{ShareData/url}} is
+            present.
+            
+            If |data|'s {{ShareData/files}} member is present:
+              
+                If |titleTextOrUrl| is false, and if |data|'s
+                {{ShareData/files}} member is empty, or return false.
+                  
+                    This causes a `{ files: [] }` dictionary to be treated as
+                    an empty dictionary. However, passing a dictionary like
+                    `{text: "text" files: []}` is fine, as `files` is just
+                    ignored.
+                  
+                
+                If the implementation does not support file sharing, return
+                false.
+                
+              
+            
+            If |data|'s url member is present:
+              
+                Let |url:URL| be the result of running the [=URL parser=]
+                on |data|'s url, with |base|, and no encoding override.
+                
+                If |url| is failure, return false.
+                
+                If |url|'s [=URL/scheme=] is not "http" or "https", return
+                false.
+                
+              
+            
+            Return true.
+            
+          
+        
       
       
         
@@ -459,9 +497,13 @@
         native applications.
         
         Due to the capabilities of the API surface, {{Navigator/share()}}
-        is available only in secure contexts
+        method is restricted to [=secure contexts=] (such as `https://`
         schemes).
         
+        Third-party contexts require that they be [=allowed to use=] the
+        {{Navigator/share()}} method is one of the mechanisms described in
+        [[[permissions-policy]]].
+        
         Use of {{Navigator/share()}} from a 
         "https://en.wikipedia.org/wiki/Privacy_mode">private browsing mode
         might leak private data to a third-party application that does not
@@ -508,8 +550,7 @@
             when information should be confidential, so forwarding any content
             presents a risk. In particular, the {{ShareData/title}} might be
             used by an attacker to trick a user into misinterpreting the nature
-            of the content.
-