W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: XHR LC comments

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 27 May 2008 14:29:16 +0200
Message-ID: <483BFE9C.7070309@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: "Web API WG (public)" <public-webapi@w3.org>

Anne van Kesteren wrote:
>>>  I deferred this issue to HTML5 for now by referencing the recently 
>>> introduced definition of "same origin" there. That makes more sense 
>>> because if any changes to that definition are made there it would 
>>> also affect XMLHttpRequest.
>>
>> Pointer, please?
> 
>   http://www.whatwg.org/specs/web-apps/current-work/#same-origin

No, I was looking for a pointer to what actually changed (which wasn't 
in CVS when I wrote the mail).

You're still avoiding the question whether the URL parameter can be an 
IRI. I would assume it can't, in which case the spec should require it 
to conform to RFC3986.

If it's known to be a URI, do we really need to refer to HTML5 for 
same-origin detection?

>>>>>> When they are a string, then taking about character encoding doesn't
>>>>>> make any sense here.
>>>>>
>>>>>  Actually, since you need to encode them for the request it does.
>>>>
>>>> But that totally depends on the authentication scheme. I think 
>>>> you're confusing layers here.
>>>
>>>  It does depend on that and that is mentioned.
>>
>> Are you referring to: "14. If the user argument was not omitted and is 
>> not null let stored user be user  encoded using the encoding specified 
>> in the relevant authentication scheme or UTF-8 if the scheme fails to 
>> specify an encoding."?
>>
>> This has two problems:
>>
>> - it makes "stored used" an octet sequence, not a string.
> 
> What is the problem?

Well, octet sequences usually are not stored in strings but in byte arrays.

I think what the spec currently says is confusing, and likely to cause 
damage in practice.

>> - it simply doesn't work in practice, for instance for Basic 
>> Authentication
> 
> You're not really helping finding the right solution here. This was 
> added for basic authentication if I remember correctly as it does not 
> specify any encoding.

Sometimes there is no simple solution.

Basic Authentication is not defined in terms of UTF-8, and, as far as I 
know, is not using it in practice, so suggesting that in XHR is a bug.

>> The goal for examples should be to illustrate a specific feature, not 
>> to promote a specific coding practice (at least not when doing the 
>> latter affects the readability).
> 
> I don't think it affects readability that much.

It probably doesn't affect you (because you prefer that notation 
anyway), but minimally it affects me. And if it affects me, it's likely 
to affect others as well.

BR, Julian
Received on Tuesday, 27 May 2008 12:36:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 May 2008 12:36:55 GMT