W3C home > Mailing lists > Public > public-html@w3.org > September 2008

Re: Question about origin serialization

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 26 Sep 2008 19:08:59 -0400
Message-ID: <48DD6B8B.2060706@mit.edu>
To: Ian Hickson <ian@hixie.ch>
CC: HTML WG <public-html@w3.org>

Ian Hickson wrote:
> How would the identifier be used?

If nothing else (for things like Access-Control) to differentiate a UA 
that doesn't support the spec at all from a UA that happens to be doing 
things with a unique identifier origin...

It would also make it possible to have a well-defined way of performing 
origin comparisons as string comparisons.

> It seems better not to expose the internal IDs, lest someone manage to use the exposed ID to trick the user 
> agent or a page somehow.

I agree that this might be a concern.

-Boris
Received on Friday, 26 September 2008 23:09:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:23 GMT