W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: XMLHttpRequest Object feedback

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 21 Apr 2006 15:58:27 +0200
To: Mark Nottingham <mnot@yahoo-inc.com>
Cc: public-webapi@w3.org
Message-ID: <dtoh42d1m54lick0k5tmgv8e5doand78ho@hive.bjoern.hoehrmann.de>

* Mark Nottingham wrote:
>example) would contain a user name and password. I *assume* you're  
>referring to the userinfo production in RFC3986; e.g.,
>   http://user:pass@host.name/path/?query
>It may be better to use this terminology ("userinfo") explicitly,  
>along with an appropriate reference.
>
>Also, AIUI, the security gods have determined that userinfo is a no- 
>no in URLs, and IE (for example) doesn't support it (at least in the  
>browser, ...

Internet Explorer removed support for illegal HTTP URLs such as the one
you've provided above because it has been abused too much in phishing
mails. For other schemes where this is perfectly valid, like ftp, it
works just fine in Internet Explorer.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 21 April 2006 13:58:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT