On Thu, 20 Dec 2007 02:17:29 +0100, Close, Tyler J. <tyler.close@hp.com> wrote: > There is also a significant factual error in the document's Introduction: > > """ > However, it is not possible to exchange the contents of resources or > manipulate resources "cross-domain". > """ > > It *is* possible to manipulate resources "cross-domain". An HTML page > can contain a FORM which submits an HTTP request "cross-domain". > Submission of this request can be automated using Javascript. The Same > Origin Policy only prevents the HTML page from accessing the response to > the issued request. Manipulation is allowed. Only responses are > protected, not requests. Ian already replied to your earlier comment. I believe the introduction is "fixed" in the editor's draft: http://dev.w3.org/2006/waf/access-control/#introduction > Below are comments from Doug Crockford: > > [...] I believe there are more elegant and reliable approaches to > providing a safe alternatives to the script tag hack. I'd be interested in hearing about such a proposal. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Thursday, 20 December 2007 11:54:39 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:24 GMT