W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: clients ignoring brokenness of sites

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 22 Jul 2009 21:06:16 -0700
Message-ID: <7789133a0907222106v1db0047fu2f4e3ebed8ea789c@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: Adrian Chadd <adrian@creative.net.au>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Jul 22, 2009 at 8:43 PM, Adrien de Croy<adrien@qbik.com> wrote:
> my issue is that there will never be any incentive for sites to clean
> themselves up as long as browsers ignore the problems (This particular
> problem is not helped either by IIS5 not enforcing compliance of script
> output).
>
> This then puts pressure on proxy vendors to follow the lead of the browsers,
> and basically ignore / work around the problems, or attempt to clean up the
> response.
>
> This is the spawning ground of security problems.

Indeed.

In the alternative, one could produce an HTTP spec that contained
detailed error recovery instructions.  This approach would save the
next proxy vendor from having to relearn these lessons the hard way.

Adam
Received on Thursday, 23 July 2009 04:07:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT