X-Git-Url: https://git.distorted.org.uk/~mdw/chopwood/blobdiff_plain/8c4d90a32395301a94508c5e1efee600a3b0c0c8..b569edae18d4742f679924cd880271d578d01c43:/cookies.fhtml

diff --git a/cookies.fhtml b/cookies.fhtml
index 4b3019f..f8862b3 100644
--- a/cookies.fhtml
+++ b/cookies.fhtml
@@ -35,9 +35,9 @@ means).
 
 <h2>What do you need this cookie for?</h2>
 
-<p>The cookie contains a token which tells the server that you've logged in
-properly.  We could have chosen to use a hidden form field to carry this
-token about, but that causes other trouble.
+<p>The cookie contains a token which tells the server that you&rsquo;ve
+logged in properly.  We could have chosen to use a hidden form field to
+carry this token about, but that causes other trouble.
 
 <p>For example, if we used <b>GET</b> requests then the token would appear as
 part of a URL, where it would end up being written in the location bar of
@@ -46,7 +46,7 @@ services; this obviously has an adverse effect on security.  Also, the token
 is kind of long and ugly.
 
 <p>We could avoid this problem by using <b>POST</b> requests everywhere, but
-that causes other trouble.  In particular, you'd get that annoying
+that causes other trouble.  In particular, you&rsquo;d get that annoying
 <blockquote>
   The page that you&rsquo;re looking for used information that you
   entered.  Returning to hat page might cause any action that you took to be
@@ -54,7 +54,7 @@ that causes other trouble.  In particular, you'd get that annoying
 </blockquote>
 message whenever you hit the reload button.
 
-<h2>What's in this cookie?</h2>
+<h2>What&rsquo;s in this cookie?</h2>
 
 <p>If you actually look at the cookie, you find that it looks something like
 this:
@@ -74,30 +74,30 @@ that if UTC had existed back then in its current form).
 <dd>This is just a random string.  When you change a password, the server
 checks that the request includes a copy of this nonce, as a protection
 against
-<a href='http://en.wikipedia.org/wiki/Cross-site_request_forgery'><em>cross-site
+<a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site
 request forgery</em></a> attacks.
 
 <dt>Tag
-<dd>This is a cryptographic check that the other parts of the token haven't
-been modfied by an attacker.
+<dd>This is a cryptographic check that the other parts of the token
+haven&rsquo;t been modfied by an attacker.
 
 <dt>User name
 <dd>Your user name, in plain text.
 </dl>
 
-<h2>How do I know you're not using this as part of some hideous behavioural
-advertising scheme?</h2>
+<h2>How do I know you&rsquo;re not using this as part of some hideous
+behavioural advertising scheme?</h2>
 
-<p>That's tricky.  I could tell you that this program is
-<a href='http://www.gnu.org/philosophy/free-sw.html'>free software</a>, and
+<p>That&rsquo;s tricky.  I could tell you that this program is
+<a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and
 that you can
 <a href="~={script}H/~={package}H-~={version}H.tar.gz">">download its
 source code</a> and check for yourself.
 
-<p>That's true, except that it shouldn't do much to convince you that this
-server is actually running the code it claims to be.  And anyway, Chopwood
-itself represents only one of many bits of software which could be keeping
-track of you somehow through this cookie.
+<p>That&rsquo;s true, except that it shouldn&rsquo;t do much to convince
+you that this server is actually running the code it claims to be.  And
+anyway, Chopwood itself represents only one of many bits of software
+which could be keeping track of you somehow through this cookie.
 
 <p>So, really, it comes down to trust.  Sorry.