W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

call for reviewers: XMLHttpRequest Last Call

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 6 Dec 2009 13:35:39 +0100
Message-Id: <A9AD0EFC-B287-4CA6-BF93-D68AFD334126@w3.org>
Cc: Thomas Roessler <tlr@w3.org>
To: public-web-security@w3.org
The XMLHttpRequest spec is in Last Call till 16 December:

> XMLHttpRequest
> W3C Working Draft 19 November 2009
> This Version:
> 	http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/

A review from a security perspective would be a Good Thing.

Particularly interesting pieces:

- this is the place where the same origin policy for XMLHttpRequest is defined
- behavior upon redirects
- needs security considerations on, e.g., DNS rebinding

Any takers?

Thanks,
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Sunday, 6 December 2009 12:35:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT