On Thu, 07 Jun 2007 01:13:40 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> * What happens when the XML is not well-formed and how does this >> interact with incremental parsing. > > This one is tricky for sure. IMHO we can't require that AC checks fail > if the document fails to fully parse. In my implementation I plan to > stop parsing once I hit the first start tag and if access hasn't been > granted yet at that point abort. I don't want, for security reasons, to > create any DOM nodes at all if access is denied, so it's not an option > to create a full DOM and then do access checks. This is now clarified by the specification. It specifies what you suggest. > I also thought of a pretty important use-case that requires "deny" in > the PIs. If the server sets an allow header, but you want to put a file > on that server that you *don't* want people from other servers to have > access to, you need to be able to specify that directly in the file. It > is not enough to simply not put any AC PIs in the file since then the > servers 'accept' will be used. You could use <?access-control allow="*" exclude="*"?> However, I added <?access-control deny=...?> for now. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Wednesday, 13 June 2007 09:20:09 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:22 GMT