W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: [XHR] LC comments from the XForms Working Group

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 13 Jun 2008 12:44:55 -0500
Message-ID: <4852B217.5080404@mit.edu>
To: Mark Birbeck <mark.birbeck@webbackplane.com>
CC: Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org, public-forms@w3.org

Mark Birbeck wrote:
> Since when have W3C specifications been written only for certain
> audiences?

Uh...  Are you serious?  The SVG Tiny specs aren't written for certain 
audiences, for example?

> The whole point of the process of review and 'last call' is
> to get comments from various interested parties. You are saying that
> you have already decided who the interested parties are.

I think it's more a matter of not all interested parties necessarily being 
created equal.  If you haven't read it yet, I urge you to read 
<http://dbaron.org/log/2006-08#e20060818a>.

(Note that this is a general comment, not specific to this particular point 
about Window.)

> I don't really follow this.

For one thing, XMLHttpRequest same-origin checking needs to work the same exact 
way as all otehr same-origin checking in the UA, to avoid introducing security 
bugs.  HTML5 will define same-origin checking in HTML.  It was decided to 
reference this rather than duplicating a large chunk of that spec and possibly 
having spec skew).

If we have a better proposal for how that goal (that the same definition of 
"same origin" is used everywhere) can be accomplished, I agree that would be nice.

Similar for the other things Window gives us now (base URI definition, etc).

Perhaps we should define how these things work when we're in a Window and make 
it clear that any use of XHR in any other context will mean it's the other 
context's responsibility to define exactly how XHR behaves there, and list all 
the constraints such a definition must satisfy.

> If browser vendors (of all shades, not just Microsoft) had
> 'taken the web into account' in the past, then Thomas Fuchs, Sam
> Stephenson and John Resig would not be as celebrated as they are. So
> forgive me if I don't trumpet the arrival of the cavalry in the form
> of limited specifications created by some of the browser vendors.

I'm not sure I follow this.  "Taking the web into account" does not preclude new 
functionality; it just limits what the spec can do with already-implemented 
functionality.

> And before you reply about 'ivory towers', and 'designing for the real
> web', etc., the XForms WG is only asking for one or two lines to be
> added to the spec.

See above about ensuring certain things about security policy; it wasn't clear 
to me that your addition addresses that issue sufficiently.

> The frightening thing about your attitude here is that it is
> completely counter to the prevailing trend that embraces code-sharing,
> open source, anti-patents, open standards, and so on.

Just as a note, open source doesn't mean arbitrary changes or features are 
accepted.  Neither should open standards, though it often seems like they do 
work that way.

(That's not a comment on the particular suggestion here; just a general 
philosophical point in response to your general claim.)

-Boris
Received on Friday, 13 June 2008 17:46:15 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:25 GMT