W3C home > Mailing lists > Public > public-html@w3.org > September 2008

Re: Question about origin serialization

From: Ian Hickson <ian@hixie.ch>
Date: Sat, 27 Sep 2008 00:11:02 +0000 (UTC)
To: Boris Zbarsky <bzbarsky@MIT.EDU>
Cc: HTML WG <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0809270009400.8014@hixie.dreamhostps.com>

On Fri, 26 Sep 2008, Boris Zbarsky wrote:
> Ian Hickson wrote:
> > How would the identifier be used?
> 
> If nothing else (for things like Access-Control) to differentiate a UA that
> doesn't support the spec at all from a UA that happens to be doing things with
> a unique identifier origin...

Wouldn't the "null" value that has to be passed in such cases be enough to 
detect those cases?


> It would also make it possible to have a well-defined way of performing 
> origin comparisons as string comparisons.

I agree that would be a possible benefit.


> > It seems better not to expose the internal IDs, lest someone manage to 
> > use the exposed ID to trick the user agent or a page somehow.
> 
> I agree that this might be a concern.

It seems, though I could of course be wrong, that exposing internals is a 
bigger disadvantage than the benefit gained.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 27 September 2008 00:20:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:23 GMT