Re: About comment #2 from Shadi Abou-Zahra on 2007-06-20 (public-wai-ert@w3.org from June 2007)

From: Shadi Abou-Zahra <shadi@w3.org>
Date: Wed, 20 Jun 2007 18:21:00 +0200
To: public-wai-ert@w3.org
Message-ID: <467953EC.1000205@w3.org>
Hi,

Firstly, I think Carlos is right and there is a typo in [2] -it should 
probably read "forms with method *POST* are permissible in documents 
under test" (as opposed to *GET*).

Still, this only means that the checker will not throw an error because 
a Web page has a form that uses the POST method. However, the checker 
will not follow this path (submit the form and check the output).

So I agree with Johannes' intervention, there is currently no way to 
test Web sites that depend on the POST method. This could include sites 
that use login forms. This should be clarified.

Moreover, I also agree with the intervention(**) that the assumption on 
the idempotent behaviour of GET vs POST is wrong. The effect of a given 
request is application specific rather than HTTP (or HTTPS).

Regards,
   Shadi
PS: (**) I agree with the disagreement ;)


Carlos Iglesias wrote:
> 
> Hi,
> 
> Ref: [http://www.w3.org/2002/09/wbs/32094/mOK_LCWD_response/results#xc2]
> 
> In the last draft [1] at section "2.3.8 Visible Linked Resources" [2] the group noted that "forms with method get are permissible in documents under test, but must not be checked in case posting caused unwanted side effects such as the addition of unwanted records to a database"
> 
> My understanding of the question know is that they want to avoid the use of POST methods in checkers to prevent harmful misues from a mobileOK implementation (have a look at [3], Member only), and this is why they allow POST methods in content being tested but they force to use the GET method while testing [4] (so POST are never going to be tested). Please note that my understanding is only correct in they mean POST where they use GET in the previous quoted text (I think it's a typo).
> 
> I think this scenario changes our current vision of the issue, IMO the proper place for the explanation should be [4] and not the current location [2] (or maybe both of them), but appart from this, it seems to be a pretty good reason for disallowing POST methods in the implementations, isn't it?
> 
> 
> [1] - [http://www.w3.org/TR/2007/WD-mobileOK-basic10-tests-20070525/]
> [2] - [http://www.w3.org/TR/mobileOK-basic10-tests/#visible_linked_resources]
> [3] - [http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-mobileOK-basic10-tests-20070130/1604]
> [4] - [http://www.w3.org/TR/mobileOK-basic10-tests/#http_request]
> 
> Regards,
>  CI.
> 
>  
> --------------------------------------
> 
> Carlos Iglesias
> 
> CTIC Foundation
> Science and Technology Park of Gijón
> 33203 - Gijón, Asturias, Spain 
> 
> phone: +34 984291212
> fax: +34 984390612
> email: carlos.iglesias@fundacionctic.org
> URL: http://www.fundacionctic.org
> 
> 

-- 
Shadi Abou-Zahra     Web Accessibility Specialist for Europe |
Chair & Staff Contact for the Evaluation and Repair Tools WG |
World Wide Web Consortium (W3C)           http://www.w3.org/ |
Web Accessibility Initiative (WAI),   http://www.w3.org/WAI/ |
WAI-TIES Project,                http://www.w3.org/WAI/TIES/ |
Evaluation and Repair Tools WG,    http://www.w3.org/WAI/ER/ |
2004, Route des Lucioles - 06560,  Sophia-Antipolis - France |
Voice: +33(0)4 92 38 50 64          Fax: +33(0)4 92 38 78 22 |
Received on Wednesday, 20 June 2007 16:24:06 UTC