W3C home > Mailing lists > Public > public-appformats@w3.org > August 2007

Re: Heads-up: Some buzz about access-control

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 31 Aug 2007 16:59:32 -0700
Message-ID: <46D8AB64.6080902@sicking.cc>
To: public-appformats@w3.org

Thomas Roessler wrote:
> Apparently, the Mozilla folks have announced support for the
> access-control spec, and caused some buzz about it.
> I've dropped some pointers to this WG's public comment address.

I tried to reply on the blog the forwarded message links to, but it 
seems to have comments disabled at this point.

Unfortunately the guy doesn't seem to neither have read the relevant 
specs, nor done even the most basic testing. None of the attacks he 
describe work, or rely on bugs in the server that would already allow 
XSS attacks.

The latest Firefox3 alpha does have access-control support for XHR, 
though using a now outdated spec. I plan on updating to the latest spec 

/ Jonas
Received on Friday, 31 August 2007 23:59:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:50:07 UTC