On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > Anne van Kesteren wrote: >> This is exactly how postMessage() works and it seems nice to align >> with that. > > I am very strongly against this syntax as it gives a false sense of > security. To the point where I don't think I'd be willing to implement > it in firefox. The fact that postMessage allows this sounds very > unfortunate and something that I will look into fixing in that spec. Let me know how that works out. postMessage() is shipping already in various implementations... > I don't want to carry this mistake forward into Access-Control. It seems bad to do something totally different, especially since it's pretty obvious what the net result is. >>> Additionally, the way the spec was written before we could create a >>> conformat implementation now without having to worry about HTML5 >>> changing things under us. >> >> Well, in the end we want all those concepts implemented in the same way >> everywhere, right? So I'm not sure how this matters. > > So why not let HTML5 refer to Access-Control? I don't really see how that would work. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Thursday, 10 July 2008 05:26:58 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:00 GMT