W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2004

Re: Microsoft to Strike IE URL Passwords

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 30 Jan 2004 17:49:54 -0800
Cc: mikehow@microsoft.com, HTTP Working Group <ietf-http-wg@w3.org>
To: wizard@newsreports.org
Message-Id: <C42E6E46-538F-11D8-A4B3-000393753936@gbiv.com>

On Friday, January 30, 2004, at 05:27  PM, wizard@newsreports.org wrote:
> But, username:password@example.com is a valid uri in
> the http protocol.  It follows, therefore, that it is
> a valid HREF value in an <A> tag. If the browser then
> does something other than is intended when the <A> tag
> is invoked, then it is arguably non-compliant.

That form of URI has been officially deprecated by the IETF
for over 9 years.  The HTTP standard doesn't even allow it
for "http" URIs.

....Roy
Received on Friday, 30 January 2004 20:49:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:27 GMT