Re: Soliciting feedback on draft-abarth-url

On Tue, Apr 19, 2011 at 11:31 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> On 20.04.2011 08:22, Adam Barth wrote:
>> ...
>> It's a moderate problem in practice.  For example, every browser I'm
>> aware of has had (historically) security bugs arising from subtly
>> different URL processing by various components.  We also have examples
>> of compatibility problems with web sites arising from different URL
>> processing by browsers.
>> ...
>
> Yes. Sure.
>
> My question was: do the differences in the behavior of the decomposition
> attributes cause problems in practice? What type of code is using them? (I
> really want to know :-).

I'm not sure I fully understand what question you're asking, but
segmenting URLs into components is super important.  For example, at
least one of the security bugs I referred to above revolved around two
different URL parsers segmenting the host differently, leading to
disagreement about which security context the URL belonged to.

> I think it would be great if one result of this WG's activity would be the
> definition of a standard JS API for processing URIs/IRIs/references in
> browsers.

That's on my list, but not for this working group.  I don't think the
IETF should be in the business of speccing JavaScript APIs.  This
particular API should either be part of the HTML standard (e.g., as
the HTMLAnchorElement interface), in TC39 (e.g., as part of the
ECMAScript standard library), or in a stand-alone document at the W3C.

Adam

Received on Wednesday, 20 April 2011 06:43:56 UTC
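
The host-segmentation disagreement described in the message above, as an added example (not code from the thread or from any browser): a differential check that accepts a URL only when an RFC 3986 Appendix B split and the WHATWG `URL` parser report the same host. The helper names `rfc3986Host`, `whatwgHost` and `checkHostAgreement` and the sample URLs are constructed for illustration.

```javascript
// Added example: reject any URL whose host two independent parsers disagree on.
// All function names and sample inputs here are hypothetical / constructed.

// Generic-syntax split from RFC 3986, Appendix B (group 4 is the authority).
const RFC3986 = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

// Host as a parser that follows only the RFC 3986 generic syntax would see it.
function rfc3986Host(input) {
  const authority = RFC3986.exec(input)[4];
  if (authority === undefined) return null;          // no "//authority" part
  // Drop userinfo (everything up to the last "@"), then the port.
  const hostPort = authority.slice(authority.lastIndexOf("@") + 1);
  const host = hostPort.startsWith("[")
    ? hostPort.slice(0, hostPort.indexOf("]") + 1)   // bracketed IPv6 literal
    : hostPort.replace(/:\d*$/, "");
  return host.toLowerCase();
}

// Host as the WHATWG URL parser (browsers, Node.js) sees it.
function whatwgHost(input) {
  try {
    return new URL(input).hostname;
  } catch {
    return null;                                     // unparseable: never accept
  }
}

// Fail closed: a URL is usable for a security decision only if both agree.
function checkHostAgreement(input) {
  const rfc3986 = rfc3986Host(input);
  const whatwg = whatwgHost(input);
  return { input, rfc3986, whatwg, agree: rfc3986 !== null && rfc3986 === whatwg };
}

// Constructed sample inputs.
const SAMPLES = [
  "https://www.example.com:8443/path?q=1", // plain host with port
  "http://user@Example.COM/",              // userinfo and mixed case
  "http://ex%61mple.com/",                 // percent-encoded octet in the host
  "http://a.example\\@b.example/",         // backslash before "@"
];

for (const r of SAMPLES.map(checkHostAgreement)) {
  console.log(r.agree ? "ACCEPT" : "REJECT", JSON.stringify(r));
}
```

The last two samples are rejected: the WHATWG parser percent-decodes the host and treats a backslash as a path separator for `http` URLs, while the generic-syntax split does neither.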