W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 10 Jul 2008 07:26:24 +0200
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.ud19eauk64w2qv@annevk-t60.oslo.opera.com>

On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> Anne van Kesteren wrote:
>>  This is exactly how postMessage() works and it seems nice to align  
>> with that.
> I am very strongly against this syntax as it gives a false sense of  
> security. To the point where I don't think I'd be willing to implement  
> it in firefox. The fact that postMessage allows this sounds very  
> unfortunate and something that I will look into fixing in that spec.

Let me know how that works out. postMessage() is shipping already in  
various implementations...

> I don't want to carry this mistake forward into Access-Control.

It seems bad to do something totally different, especially since it's  
pretty obvious what the net result is.

>>> Additionally, the way the spec was written before we could create a  
>>> conformat implementation now without having to worry about HTML5  
>>> changing things under us.
>> Well, in the end we want all those concepts implemented in the same way  
>> everywhere, right? So I'm not sure how this matters.
> So why not let HTML5 refer to Access-Control?

I don't really see how that would work.

Anne van Kesteren
Received on Thursday, 10 July 2008 05:26:58 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:11 UTC