W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: [Widgets] Requirements LC

From: Arve Bersvendsen <arveb@opera.com>
Date: Fri, 20 Jun 2008 10:08:32 +0200
To: "Marcos Caceres" <marcosscaceres@gmail.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <op.uc1fkidnbyn2jm@galactica>

On Fri, 20 Jun 2008 09:11:42 +0200, Marcos Caceres  
<marcosscaceres@gmail.com> wrote:

> On Fri, Jun 20, 2008 at 5:04 PM, Marcos Caceres
> <marcosscaceres@gmail.com> wrote:
>> To which Timeless replied...
>>>
>>> Yes, that is possible (using XHR to load the config from within the
>>> package), but then you have to walk an XML tree which sucks. The other
>>> way is to use the properties that we have bound to the Widget object.
>>> Check out http://dev.w3.org/2006/waf/widgets-api/Overview.src.html
>>
>> yeah, i'm sure such things are possible in some theoretical sense, but
>> i want to make sure that the API you're asking for doesn't
>> specifically do/enable this.
>>
>
> Arve? What does the proposed security policy say about this? Can XHR
> be used to GET resources inside the package?

The security policy proposed by Opera (and mostly implemented already)  
allows you to XHR any content stored within the package archive itself,  
just as it would allow you to include the contents of a package through  
<script src>, <img src> et al.   This happens through treating a widget:  
protocol URI where the identifier-portion matches the instance ID of the  
widget as being same-origin.  Thus, allowing XHR is an (intended)  
side-effect, so you can read other content from the widget (configuration  
data stored in an XML file or template snippets used throughout the  
application, for instance), and I don't think a specification will need to  
mention or reference XHR specifically, except perhaps informatively.


-- 
Arve Bersvendsen

Developer, Opera Software ASA, http://www.opera.com/
Received on Friday, 20 June 2008 08:10:09 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:26 GMT