W3C home > Mailing lists > Public > public-html@w3.org > March 2012

Re: ISSUE-195: form-http-req - Chairs Solicit Alternate Proposals or Counter-Proposals

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 22 Mar 2012 10:37:16 +0100
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: public-html@w3.org, "Edward O'Connor" <eoconnor@apple.com>
Message-ID: <op.wbkfoe1d64w2qv@annevk-macbookpro.local>
On Thu, 22 Mar 2012 10:19:53 +0100, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> On 2012-03-22 10:11, Anne van Kesteren wrote:
>> On Wed, 21 Mar 2012 23:47:00 +0100, Edward O'Connor <eoconnor@apple.com>
>> wrote:
>>> Please consider this zero edit Change Proposal for ISSUE-195:
>>>
>>> http://www.w3.org/html/wg/wiki/User:Eoconnor/ISSUE-195
>>
>> Strong support. The other proposal is completely insecure.
>
> If there's something insecure about it, you probably should point out  
> what it is.

Allowing cross-origin methods not previously allowed, allowing  
manipulation of headers cross-origin. Your basic insecure stuff that  
should have been known if the people making that change proposal had  
actually compared it to XMLHttpRequest.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Thursday, 22 March 2012 09:38:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:31 UTC