W3C home > Mailing lists > Public > public-webapi@w3.org > May 2006

Re: XMLHttpRequest Object feedback

From: Anne van Kesteren <annevk@opera.com>
Date: Sun, 14 May 2006 13:11:06 +0200
To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, "Mark Nottingham" <mnot@yahoo-inc.com>
Cc: "Web APIs WG (public)" <public-webapi@w3.org>
Message-ID: <op.s9jf0sdb64w2qv@id-c0020.oslo.opera.com>

On Fri, 21 Apr 2006 15:58:27 +0200, Bjoern Hoehrmann <derhoermi@gmx.net>  
wrote:
>> example) would contain a user name and password. I *assume* you're
>> referring to the userinfo production in RFC3986; e.g.,
>>   http://user:pass@host.name/path/?query
>> It may be better to use this terminology ("userinfo") explicitly,
>> along with an appropriate reference.
>>
>> Also, AIUI, the security gods have determined that userinfo is a no-
>> no in URLs, and IE (for example) doesn't support it (at least in the
>> browser, ...
>
> Internet Explorer removed support for illegal HTTP URLs such as the one
> you've provided above because it has been abused too much in phishing
> mails. For other schemes where this is perfectly valid, like ftp, it
> works just fine in Internet Explorer.

What does IE does in such cases and do we want the draft to reflect that?


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Sunday, 14 May 2006 11:11:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT