W3C home > Mailing lists > Public > public-appformats@w3.org > August 2006

[AC] other issues

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 04 Aug 2006 16:07:44 -0400
To: public-appformats@w3.org
Message-ID: <op.tdrzi6wu64w2qv@id-c0020.hsd1.ma.comcast.net>

I think I identified some new issues that probably need to be looked at as  
well.

* Do we need to say anything on when UAs have to check the access control  
mechanisms (HTTP header and XML processing instruction)? For example, for  
a typical safe request (same-domain) would the UA still verify with the  
access control mechanism that it can indeed request the resource?

* Error handling. This consists of two separate issues.

- Currently it is not defined what happens when someone uses a  
pseudo-attribute not defined to be valid in the processing instruction.

- Currently it is not defined what happens when someone uses invalid  
syntax inside one of the psuedo-attributes. We could either directly put  
the resource in default access state or even access denied state (to be  
sure) or just say the particular attribute is to be ignored or the whole  
processing instruction is to be ignored. One reason for putting the  
resource into the access denied state is that I might want to ban domain A  
explicitly, but typed AA.

* For ease of authoring I think we should allow whitespace at the start  
and end of the pseudo-attribute values as well. For the HTTP header we  
should not allow new lines there by the way, but I assume that's clear...


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Friday, 4 August 2006 20:14:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:20 GMT