W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: several messages

From: Ian Davis <ian.davis@talis.com>
Date: Tue, 18 Apr 2006 18:39:06 +0100
Message-ID: <4445243A.9070304@talis.com>
To: Ian Hickson <ian@hixie.ch>
CC: Bjoern Hoehrmann <derhoermi@gmx.net>, public-webapi@w3.org

On 18/04/2006 18:14, Ian Hickson wrote:
> I'm not sure that's simpler, but more importantly, I would suggest that is 
> out of scope for this specification. You may be interested in work that 
> Gervase Markham has been doing on this topic:
> 
>    http://www.gerv.net/security/content-restrictions/
> 
> ...as well as discussions of a <sandbox> element in the WHATWG list, e.g.:
> 
>    http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
> 
Those are interesting ideas but my proposal is specifically to limit the 
scope of which 3rd party hosts can be accessed by the XHR object. Why is 
that out of scope?

Ian
Received on Tuesday, 18 April 2006 17:39:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT