- From: <wizard@newsreports.org>
- Date: Thu, 05 Feb 2004 18:16:53 -0500
- To: ietf-http-wg-request@w3.org
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

RFC2396 describes a generic URI scheme, including 3.2. Authority Component, without specific application.

Going back to HTML 4.01 (as an example), it permits at 2.1.3, Relative URIs. But, RFC2616 makes no allowance for Relative URIs. And that is exactly what I am getting at in my earlier message. The protocol has nothing to do with what is on the HTML page and what a browser does with an element on the page.

The thought that I had in the last few days was: Is it not possible, when username@password is encountered, to pop up the usual login dialog box with the elements filled in? The dialog box already shows the authentication domain. This would require an explicit action on the part of the user and gives the user notification that an authentication is being attempted and the host that the user is going to. It is the *silent* bypassing of this dialog through the *interpretation* of username@password that is causing it to be a difficulty in the case at hand. Popping up a dialog box is much less draconian than ignoring username@password altogether.

Since Monday, I have received correspondence from a very large e-commerce payment system who are concerned with this very problem. I can tell from the email address used to receive the correspondence that the inquiries did not result from my posting here on the list, but rather were related to searching for a solution. This company is the number one ranked company in their payment method. They know that the proposed change will break their systems at the customer level. They are not happy campers. They are not Paypal, but of similar magnitude. It has already been mentioned that Paypal payment links will break.

Bob

Julian Reschke wrote:
>
> wizard@newsreports.org wrote:
>
> > ...
> > If the argument is that 3.2.2 prescribes the
> > semantics of the href attribute of the HTML <A>
> > tag, then there is a lot of broken HTML code
> > out there because it is quite common to use
> > either root relative, or relative URLs in
> > href attributes. The fact that common browsers
> > know what to do about this would be due to
> > their interpretative abilities. By extension,
> > username:password@ is also an interpretive
> > ability.
> > ...
>
> As a matter of fact, RFC2396 and the HTML spec describe what can go into
> an HTML href. The URL format used in HTTP messages is completely
> irrelevant here. And yes, of course relative URIs are allowed here.
>
> > ...
>
> Julian
>
> --
> <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

--
------------------------------------------------------------------
FREE DOWNLOADS
iis bandwidth protection -- http://coldlink.com/
iis password protection -- http://wanderware.com/
------------------------------------------------------------------

Received on Thursday, 5 February 2004 18:13:47 UTC
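
An added example, not part of the original message or of any browser's code: a sketch of the behaviour proposed above, where a link carrying userinfo yields a prompt description (real host, prefilled user name, credential-free URL) rather than being applied silently. The function names, the returned fields and the sample URLs are assumptions made for illustration; parsing uses the standard WHATWG `URL` class, which also resolves relative references.

```javascript
// Hypothetical helper (not from the thread): what a client could show before
// using credentials embedded in a link, instead of applying them silently.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s; // malformed percent-escape: show the raw text
  }
}

// href may be absolute or relative, as HTML allows; baseUrl is the page's URL.
// Returns null when no userinfo is present, i.e. navigate as usual.
function describeAuthPrompt(href, baseUrl) {
  let url;
  try {
    url = new URL(href, baseUrl);
  } catch (e) {
    return { action: "reject", reason: "unparseable URL" };
  }
  if (url.username === "" && url.password === "") {
    return null;
  }
  // Credential-free copy, used if the user declines the prompt.
  const stripped = new URL(url.href);
  stripped.username = "";
  stripped.password = "";
  return {
    action: "prompt",                      // require an explicit user action
    host: url.host,                        // real destination: what follows the last "@"
    username: safeDecode(url.username),    // value to prefill in the dialog
    passwordPrefilled: url.password !== "",
    urlWithoutCredentials: stripped.href,
  };
}

// Constructed sample links, resolved against a constructed page URL.
const PAGE = "http://shop.example/a/b/page.html";
const SAMPLES = [
  "../cart?id=1",                                                // relative, no userinfo
  "//user@pay.example.net/x",                                    // scheme-relative, user only
  "http://bob%40example.org:pw@pay.example.net/checkout?item=7", // encoded "@" in the user name
];
for (const href of SAMPLES) {
  console.log(href, "=>", describeAuthPrompt(href, PAGE));
}
```
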