W3C home > Mailing lists > Public > public-webapi@w3.org > March 2006

Re: ACTION-61: text for embedding part of the Window object

From: Jonas Sicking <jonas@sicking.cc>
Date: Tue, 07 Mar 2006 01:20:54 -0800
Message-ID: <440D5076.8000609@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>
Cc: "Web APIs WG (public)" <public-webapi@w3.org>

>> I'm not sure that it's a good idea to define the exact security 
>> policy  here. Shouldn't we allow implementations to return null rather 
>> then  throwing?
> 
> Well, at the moment it doesn't say MUST throw, but MAY throw... I'm not  
> sure yet how to handle the security cases. It's obviously important 
> enough  to mention it in the specification, but limiting the UA in what 
> it can do  may not be such a good idea either. This does not solely 
> apply to this  though. We should probably discuss in what level of 
> detail we want to  define what UAs have to do. Personally I'd be happy 
> with not defining what  they have to do but just pointing out the 
> potential security problems UAs  probably have to act upon in order to 
> make browsing secure.

Yeah, I think that might be the way to go. We should probably mention 
that an implementation is allowed to deviate from specified behaviour 
for security reasons and still be conformant to the spec.

/ Jonas
Received on Tuesday, 7 March 2006 09:20:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:53 GMT