W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: several messages

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 18 Apr 2006 17:55:30 +0000 (UTC)
To: Ian Davis <ian.davis@talis.com>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, public-webapi@w3.org
Message-ID: <Pine.LNX.4.62.0604181748240.21459@dhalsim.dreamhost.com>

On Tue, 18 Apr 2006, Ian Davis wrote:
>
> Those are interesting ideas but my proposal is specifically to limit the 
> scope of which 3rd party hosts can be accessed by the XHR object. Why is 
> that out of scope?

Well, it seems you'd want all the restrictions in one place, rather than 
have restriction policies for each feature specced out separately. Also, 
it would be very strange to restrict XHR while not restricting the dozens 
of other ways of doing cross-site communication -- if what you're trying 
to do is leak information, you don't care whether you're using cross-site
XMLHttpRequest or an older system (indeed, the older the better, as it'll 
work with more browsers).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 18 April 2006 17:55:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT