- From: Carlos Iglesias <carlos.iglesias@fundacionctic.org>
- Date: Wed, 20 Jun 2007 18:39:34 +0200
- To: "Shadi Abou-Zahra" <shadi@w3.org>, <public-wai-ert@w3.org>
Hi, > Firstly, I think Carlos is right and there is a typo in [2] > -it should probably read "forms with method *POST* are > permissible in documents under test" (as opposed to *GET*). Then, we should be taking note for our comments, as it's a important typo that changes the meaning. > Still, this only means that the checker will not throw an > error because a Web page has a form that uses the POST > method. However, the checker will not follow this path > (submit the form and check the output). > > So I agree with Johannes' intervention, there is currently no > way to test Web sites that depend on the POST method. This > could include sites that use login forms. This should be clarified. I think it's been clarified but in the wrong place. > Moreover, I also agree with the intervention(**) that the > assumption on the idempotent behaviour of GET vs POST is > wrong. The effect of a given request is application specific > rather than HTTP (or HTTPS). In this case, if you say that both could be implicitly equally harmfult if you misuse them, then this is the key question, as there is no reason to ban one in favour of the other and both should be allowed (and used), and the previously clarification won't be needed (because both methods will be used). Regards, CI. > > Regards, > Shadi > PS: (**) I agree with the disagreement ;) > > > Carlos Iglesias wrote: > > > > Hi, > > > > Ref: > > [http://www.w3.org/2002/09/wbs/32094/mOK_LCWD_response/results#xc2] > > > > In the last draft [1] at section "2.3.8 Visible Linked > Resources" [2] the group noted that "forms with method get > are permissible in documents under test, but must not be > checked in case posting caused unwanted side effects such as > the addition of unwanted records to a database" > > > > My understanding of the question know is that they want to > avoid the use of POST methods in checkers to prevent harmful > misues from a mobileOK implementation (have a look at [3], > Member only), and this is why they allow POST methods in > content being tested but they force to use the GET method > while testing [4] (so POST are never going to be tested). > Please note that my understanding is only correct in they > mean POST where they use GET in the previous quoted text (I > think it's a typo). > > > > I think this scenario changes our current vision of the > issue, IMO the proper place for the explanation should be [4] > and not the current location [2] (or maybe both of them), but > appart from this, it seems to be a pretty good reason for > disallowing POST methods in the implementations, isn't it? > > > > > > [1] - > [http://www.w3.org/TR/2007/WD-mobileOK-basic10-tests-20070525/] > > [2] - > > > [http://www.w3.org/TR/mobileOK-basic10-tests/#visible_linked_resources > > ] [3] - > > > [http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-mobileOK-basic > > 10-tests-20070130/1604] [4] - > > [http://www.w3.org/TR/mobileOK-basic10-tests/#http_request] > > > > Regards, > > CI. > > > > > > -------------------------------------- > > > > Carlos Iglesias > > > > CTIC Foundation > > Science and Technology Park of Gijón > > 33203 - Gijón, Asturias, Spain > > > > phone: +34 984291212 > > fax: +34 984390612 > > email: carlos.iglesias@fundacionctic.org > > URL: http://www.fundacionctic.org > > > > > > -- > Shadi Abou-Zahra Web Accessibility Specialist for Europe | > Chair & Staff Contact for the Evaluation and Repair Tools WG | > World Wide Web Consortium (W3C) http://www.w3.org/ | > Web Accessibility Initiative (WAI), http://www.w3.org/WAI/ | > WAI-TIES Project, http://www.w3.org/WAI/TIES/ | > Evaluation and Repair Tools WG, http://www.w3.org/WAI/ER/ | > 2004, Route des Lucioles - 06560, Sophia-Antipolis - France | > Voice: +33(0)4 92 38 50 64 Fax: +33(0)4 92 38 78 22 | > >
Received on Wednesday, 20 June 2007 16:39:42 UTC