W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: XHR LC comments

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 16 May 2008 09:04:30 +0200
Message-ID: <482D31FE.5050307@gmx.de>
To: Maciej Stachowiak <mjs@apple.com>
CC: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapi@w3.org

Maciej Stachowiak wrote:
> In practice it is much more important for same-origin to be implemented 
> consistently between XHR and HTML5 (and other Web standards) than for it 
> to be precisely consistent cross-browser, as inconsistencies in the 
> same-origin policy could lead to security holes. Thus, taking a snapshot 
> of what HTML5 says and putting it in XHR1 would be a dead letter, 
> because if HTML5 changes and browsers change to match it, they will not 
> leave their XHR implementation using an older version of the security 
> policy.

Interesting enough, this seems to be exactly the opposite of what Ian 
just said :-):

Ian> The point is that Apple and Microsoft are both going to implement the
Ian> thing as required by the Web in 2000, not as defined in HTML5. 
HTML5 is
Ian> describing existing practice on these matters, not defining new 

BR, Julian
Received on Friday, 16 May 2008 07:05:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:26 UTC