- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 10 Jul 2008 06:17:29 -0500
- To: Anne van Kesteren <annevk@opera.com>, Web Applications Working Group WG <public-webapps@w3.org>
Jonas Sicking wrote: > Anne van Kesteren wrote: >> >> On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> >> wrote: >>> Anne van Kesteren wrote: >>>> This is exactly how postMessage() works and it seems nice to align >>>> with that. >>> >>> I am very strongly against this syntax as it gives a false sense of >>> security. To the point where I don't think I'd be willing to >>> implement it in firefox. The fact that postMessage allows this sounds >>> very unfortunate and something that I will look into fixing in that >>> spec. >> >> Let me know how that works out. postMessage() is shipping already in >> various implementations... > > I will keep you updated. > > Until then I very strongly feel we need to change the parsing rules to > refer to rfcs 3986 and 3490 the way the previous draft did. To make it clear, since i'll be on vacation and won't be very responsive on email the coming week, the current syntax is not acceptible to mozilla. If referring to the above rfcs is not an option for some reason, we need to define the syntax in some other way that disallows full uris that includes paths. / Jonas
Received on Thursday, 10 July 2008 11:18:56 UTC