W3C home > Mailing lists > Public > public-web-security@w3.org > May 2011

Re: Violation reports

From: Bil Corry <bil@corry.biz>
Date: Sat, 28 May 2011 09:05:19 -0700
Message-ID: <4DE11D3F.8090100@corry.biz>
To: Bil Corry <bil@corry.biz>
CC: Adam Barth <w3c@adambarth.com>, Gervase Markham <gerv@mozilla.org>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
Bil Corry wrote on 5/28/2011 8:57 AM:
> Adam Barth wrote on 4/28/2011 12:39 AM:
>> On Wed, Apr 27, 2011 at 4:08 AM, Gervase Markham<gerv@mozilla.org> wrote:
>>> On 26/04/11 21:17, Adam Barth wrote:
>>>> Surely form-urlencoding is more widely implemented by HTTP servers
>>>> than JSON. Every HTTP server made in the past decade and a half
>>>> understands form-urlencoding. Moreover, they'll continue to
>>>> understand it if/when JSON goes out of fashion (e.g., assuming
>>>> <form> and form elements are here to stay).
>>> JSON has the advantage of being human-readable, which form-urlencoding
>>> really doesn't. JSON is now baked into the web platform in the form of the
>>> JSON object, so is unlikely to "go out of fashion".
>> Essentially all HTTP servers that receive data from browsers receive
>> data in form-urlencoding because that's how the form element works.
>> It's far and away the most common way browsers send key/value pairs to
>> HTTP servers. I just don't see a compelling reason why this API
>> should be randomly different.
> I agree, I'd rather receive it as form-urlencoding but I'm wondering if the way the report is sent could be an option for those who prefer JSON.

Or the reverse -- I'm not attached to which is the default.

- Bil
Received on Saturday, 28 May 2011 16:05:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC