W3C home > Mailing lists > Public > public-webapi@w3.org > November 2005

Re: Ajax Back/Forward History problem document state by document.save()

From: Kenny <kennyheaton@gmail.com>
Date: Mon, 21 Nov 2005 07:44:35 -0800
Message-ID: <65b4e01f0511210744q7e56e51sb3aeba723edccaa4@mail.gmail.com>
To: public-webapi@w3.org

I have to agree with Sylvain, that I think users would evolve as web
application do and the need for that back button might become
unnecessary. Of course in the mean time there should be something to
help the who still want to use the back button, but as fast as Ajax is
growing, users may evolve before new technology can be implemented.

My big concern with both document.save and pushState is security. The
pushState method has a recommendation for security, "It is suggested
that to avoid letting a page "hijack" the history navigation
facilities of a UA by abusing pushState(), the UA provide the user
with a way to jump back to the previous page (rather than just going
back to the previous state).", but if this is not implemented,
malicious developers could take control of the users navigation.

The document.save method has the added risk that someone could put
URI's in the history to pages the user never visited and dose not want
to visit without them knowing.

Kenny
Received on Monday, 21 November 2005 16:00:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:52 GMT