W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: XHR LC comments

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 15 May 2008 13:52:21 -0700
Cc: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapi@w3.org
Message-Id: <E2A69FB4-2E6C-4880-9980-FD27368C6E88@apple.com>
To: Julian Reschke <julian.reschke@gmx.de>


On May 15, 2008, at 1:24 PM, Julian Reschke wrote:

>
>> practice, take anything away from the ability to get interoperable  
>> implemenations of the feature described in XHR1.
>
> Really?
>
> What if Apple implements the thing as defined by HTML5-as-of-2008,  
> and Microsoft as defined in HTML5-as-of-2009?
>
> If it matters, then it's a problem. If it doesn't matter, leave it  
> out of the XHR spec, as apparently, it's irrelevant for the goal  
> it's trying to achieve.

In practice it is much more important for same-origin to be  
implemented consistently between XHR and HTML5 (and other Web  
standards) than for it to be precisely consistent cross-browser, as  
inconsistencies in the same-origin policy could lead to security  
holes. Thus, taking a snapshot of what HTML5 says and putting it in  
XHR1 would be a dead letter, because if HTML5 changes and browsers  
change to match it, they will not leave their XHR implementation using  
an older version of the security policy.

Regards,
Maciej
Received on Thursday, 15 May 2008 21:16:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 15 May 2008 21:16:04 GMT