W3C home > Mailing lists > Public > public-webapi@w3.org > May 2006

Re: XMLHttpRequest Object feedback

From: Anne van Kesteren <annevk@opera.com>
Date: Sun, 14 May 2006 13:11:06 +0200
To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, "Mark Nottingham" <mnot@yahoo-inc.com>
Cc: "Web APIs WG (public)" <public-webapi@w3.org>
Message-ID: <op.s9jf0sdb64w2qv@id-c0020.oslo.opera.com>

On Fri, 21 Apr 2006 15:58:27 +0200, Bjoern Hoehrmann <derhoermi@gmx.net>  
>> example) would contain a user name and password. I *assume* you're
>> referring to the userinfo production in RFC3986; e.g.,
>>   http://user:pass@host.name/path/?query
>> It may be better to use this terminology ("userinfo") explicitly,
>> along with an appropriate reference.
>> Also, AIUI, the security gods have determined that userinfo is a no-
>> no in URLs, and IE (for example) doesn't support it (at least in the
>> browser, ...
> Internet Explorer removed support for illegal HTTP URLs such as the one
> you've provided above because it has been abused too much in phishing
> mails. For other schemes where this is perfectly valid, like ftp, it
> works just fine in Internet Explorer.

What does IE does in such cases and do we want the draft to reflect that?

Anne van Kesteren
Received on Sunday, 14 May 2006 11:11:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:21 UTC