W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 Jul 2008 07:26:24 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.ud19eauk64w2qv@annevk-t60.oslo.opera.com>

On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Anne van Kesteren wrote:
>>  This is exactly how postMessage() works and it seems nice to align  
>> with that.
>
> I am very strongly against this syntax as it gives a false sense of  
> security. To the point where I don't think I'd be willing to implement  
> it in firefox. The fact that postMessage allows this sounds very  
> unfortunate and something that I will look into fixing in that spec.

Let me know how that works out. postMessage() is shipping already in  
various implementations...


> I don't want to carry this mistake forward into Access-Control.

It seems bad to do something totally different, especially since it's  
pretty obvious what the net result is.


>>> Additionally, the way the spec was written before we could create a  
>>> conformat implementation now without having to worry about HTML5  
>>> changing things under us.
>>
>> Well, in the end we want all those concepts implemented in the same way  
>> everywhere, right? So I'm not sure how this matters.
>
> So why not let HTML5 refer to Access-Control?

I don't really see how that would work.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Thursday, 10 July 2008 05:26:58 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT