W3C home > Mailing lists > Public > public-web-security@w3.org > May 2011

Re: Violation reports

From: Bil Corry <bil@corry.biz>
Date: Sat, 28 May 2011 08:57:50 -0700
Message-ID: <4DE11B7E.2010107@corry.biz>
To: Adam Barth <w3c@adambarth.com>
CC: Gervase Markham <gerv@mozilla.org>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
Adam Barth wrote on 4/28/2011 12:39 AM:
> On Wed, Apr 27, 2011 at 4:08 AM, Gervase Markham<gerv@mozilla.org>  wrote:
>> On 26/04/11 21:17, Adam Barth wrote:
>>> Surely form-urlencoding is more widely implemented by HTTP servers
>>> than JSON.  Every HTTP server made in the past decade and a half
>>> understands form-urlencoding.  Moreover, they'll continue to
>>> understand it if/when JSON goes out of fashion (e.g., assuming
>>> <form>    and form elements are here to stay).
>>
>> JSON has the advantage of being human-readable, which form-urlencoding
>> really doesn't. JSON is now baked into the web platform in the form of the
>> JSON object, so is unlikely to "go out of fashion".
>
> Essentially all HTTP servers that receive data from browsers receive
> data in form-urlencoding because that's how the form element works.
> It's far and away the most common way browsers send key/value pairs to
> HTTP servers.  I just don't see a compelling reason why this API
> should be randomly different.

I agree, I'd rather receive it as form-urlencoding but I'm wondering if the way the report is sent could be an option for those who prefer JSON.


- Bil
Received on Saturday, 28 May 2011 15:58:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 28 May 2011 16:00:02 GMT