diff --git a/index.bs b/index.bs
index 2de933c..5ab8dd2 100644
--- a/index.bs
+++ b/index.bs
@@ -326,11 +326,11 @@ For the main sanitize operation, using a {{ParentNode}} |node|, a
1. Then [=remove an attribute|remove=] |attr|.
1. If the [=navigating URL attributes list=] [=SanitizerConfig/contains=]
«[|elementName|, |attrName|]» and |attr|
- [=contains a javascript URL=]:
+ [=contains a javascript: URL=]:
1. Then [=remove an attribute|remove=] |attr|.
1. If |child|'s [=Element/namespace=] [=string/is=] the
[=MathML Namespace=] and |attr|'s [=Attr/local name=] [=string/is=]
- "`href`" and |attr| [=contains a javascript URL=]:
+ "`href`" and |attr| [=contains a javascript: URL=]:
1. Then [=remove an attribute|remove=] |attr|.
1. If the [=animating URL attributes list=] [=SanitizerConfig/contains=]
«[|elementName|, |attrName|]» and |attr|'s
@@ -344,9 +344,9 @@ For the main sanitize operation, using a {{ParentNode}} |node|, a
-Note: Current browsers support `javascript` URLs
+Note: Current browsers support `javascript:` URLs
only when navigating. Since navigation itself is not an XSS threat we treat
-navigation to `javascript` URLs, but not navigations in general.
+navigation to `javascript:` URLs, but not navigations in general.
Declarative navigation falls into a handful of categories:
@@ -364,11 +364,13 @@ to cover a "per-namespace global" rule. The animation case is covered by the
-To determine whether an |attribute| contains a javascript URL, do this:
+To determine whether an |attribute| contains a javascript: URL, do this:
1. Let |url| be the result of running the [=basic URL parser=]
on |attribute|'s [=get an attribute value|value=].
-1. Return whether |url|'s [=url/scheme=] [=string/is=] "`javascript`".
+1. Let |contains javascript: url| be:
+ |url| is not `failure` and |url|'s [=url/scheme=] [=string/is=] "`javascript`".
+1. Return |contains javascript: url|.