- From: Anne van Kesteren <annevk@opera.com>
- Date: Sun, 14 May 2006 13:11:06 +0200
- To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, "Mark Nottingham" <mnot@yahoo-inc.com>
- Cc: "Web APIs WG (public)" <public-webapi@w3.org>
On Fri, 21 Apr 2006 15:58:27 +0200, Bjoern Hoehrmann <derhoermi@gmx.net>
wrote:
>> example) would contain a user name and password. I *assume* you're
>> referring to the userinfo production in RFC3986; e.g.,
>> http://user:pass@host.name/path/?query
>> It may be better to use this terminology ("userinfo") explicitly,
>> along with an appropriate reference.
>>
>> Also, AIUI, the security gods have determined that userinfo is a no-
>> no in URLs, and IE (for example) doesn't support it (at least in the
>> browser, ...
>
> Internet Explorer removed support for illegal HTTP URLs such as the one
> you've provided above because it has been abused too much in phishing
> mails. For other schemes where this is perfectly valid, like ftp, it
> works just fine in Internet Explorer.
What does IE does in such cases and do we want the draft to reflect that?
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Sunday, 14 May 2006 11:11:21 UTC