W3C home > Mailing lists > Public > public-web-security@w3.org > April 2011

Re: Violation reports

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 28 Apr 2011 00:39:43 -0700
Message-ID: <BANLkTikZHX1eHYRF1KbH-hJxjGTH2jqi1A@mail.gmail.com>
To: Gervase Markham <gerv@mozilla.org>
Cc: Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
On Wed, Apr 27, 2011 at 4:08 AM, Gervase Markham <gerv@mozilla.org> wrote:
> On 26/04/11 21:17, Adam Barth wrote:
>> Surely form-urlencoding is more widely implemented by HTTP servers
>> than JSON.  Every HTTP server made in the past decade and a half
>> understands form-urlencoding.  Moreover, they'll continue to
>> understand it if/when JSON goes out of fashion (e.g., assuming
>> <form>  and form elements are here to stay).
>
> JSON has the advantage of being human-readable, which form-urlencoding
> really doesn't. JSON is now baked into the web platform in the form of the
> JSON object, so is unlikely to "go out of fashion".

Essentially all HTTP servers that receive data from browsers receive
data in form-urlencoding because that's how the form element works.
It's far and away the most common way browsers send key/value pairs to
HTTP servers.  I just don't see a compelling reason why this API
should be randomly different.

Adam
Received on Thursday, 28 April 2011 07:40:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 28 April 2011 07:40:43 GMT