W3C home > Mailing lists > Public > public-html@w3.org > September 2008

Re: Question about origin serialization

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 26 Sep 2008 21:29:34 +0000 (UTC)
To: Boris Zbarsky <bzbarsky@MIT.EDU>
Cc: HTML WG <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0809262123450.8014@hixie.dreamhostps.com>

On Fri, 26 Sep 2008, Boris Zbarsky wrote:
> 
> Section 5.3 has algorithms for serializing origins which include:
> 
>   "If the origin in question is not a scheme/host/port tuple, then
>    return the empty string and abort these steps."
> 
> This seems suboptimal to me, since it loses information.  Better would be to
> create a serialization of the globally unique identifier if that's what the
> origin is.  The spec need not mandate how this is done, as long as the
> serialization has a good chance of really being globally unique.
> 
> Is there a strong reason for the current behavior?

How would the identifier be used? It seems better not to expose the 
internal IDs, lest someone manage to use the exposed ID to trick the user 
agent or a page somehow.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 26 September 2008 21:30:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:23 GMT