
Re: Feedback on the ping="" attribute (ISSUE-1)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 09 Nov 2007 10:41:01 +0100
Message-ID: <47342B2D.1060909@gmx.de>
To: Boris Zbarsky <bzbarsky@MIT.EDU>
CC: "public-html@w3.org" <public-html@w3.org>

Boris Zbarsky wrote:
> Julian Reschke wrote:
>> I don't see anything in Amazon, for instance, being a link but unsafe.
> 
> As I always tell my students, a single example does not a proof make.

That's a widely known site that almost everybody knows.

Can you point to a widely used site that violates that principle?

> ...
>> How can it be not on purpose. It's not trivial to hide a POST behind a 
>> text link.
> 
> Sure it is.  <a onclick="form.submit()">.

Should have said "with scripting turned off".

> ...
> I think you're trying to get the door closed after the horse escaped and 
> the barn burned down....

Well. I think that when we design new protocols or languages, saying 
"it's already broken, let's continue to add more stuff like that" is the 
wrong approach. But maybe it's just me.

Best regards, Julian
Received on Friday, 9 November 2007 09:41:17 UTC
