
Re: [access-control] Update

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 10 Jul 2008 06:17:29 -0500
Message-ID: <4875EFC9.8010901@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>, Web Applications Working Group WG <public-webapps@w3.org>

Jonas Sicking wrote:
> Anne van Kesteren wrote:
>> On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> 
>> wrote:
>>> Anne van Kesteren wrote:
>>>>  This is exactly how postMessage() works and it seems nice to align 
>>>> with that.
>>> I am very strongly against this syntax as it gives a false sense of 
>>> security. To the point where I don't think I'd be willing to 
>>> implement it in Firefox. The fact that postMessage allows this sounds 
>>> very unfortunate and something that I will look into fixing in that 
>>> spec.
>> Let me know how that works out. postMessage() is shipping already in 
>> various implementations...
> I will keep you updated.
> Until then I very strongly feel we need to change the parsing rules to 
> refer to RFCs 3986 and 3490 the way the previous draft did.

To make it clear, since I'll be on vacation and won't be very responsive 
on email the coming week, the current syntax is not acceptable to 
Mozilla. If referring to the above RFCs is not an option for some 
reason, we need to define the syntax in some other way that disallows 
full URIs that include paths.

/ Jonas
Received on Thursday, 10 July 2008 11:18:56 UTC
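
Added example, not part of the original message and not code from any browser or from the specification: a sketch of the restriction requested above, accepting only scheme://host[:port] and refusing values that carry a path, query, fragment or userinfo. The names parseOriginOnly and buildAllowList, the http/https-only limit and the sample values are assumptions made for illustration.

```javascript
// Added example. parseOriginOnly and the sample values are hypothetical.
// Accepts only scheme://host[:port]; the http/https limit is an assumption.
function parseOriginOnly(value) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/(.*)$/i.exec(value);
  if (!m) return { ok: false, reason: "not scheme://authority" };
  const scheme = m[1].toLowerCase();
  if (scheme !== "http" && scheme !== "https") {
    return { ok: false, reason: "unsupported scheme" };
  }
  const authority = m[2];
  // Check the raw text: the URL parser reports pathname "/" even when no
  // path was written, and treats "\" as "/" for http(s).
  if (/[\/\\]/.test(authority)) return { ok: false, reason: "path not allowed" };
  if (/[?#]/.test(authority)) return { ok: false, reason: "query or fragment not allowed" };
  if (authority.includes("@")) return { ok: false, reason: "userinfo not allowed" };
  if (/\s/.test(authority)) return { ok: false, reason: "whitespace not allowed" };
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  // url.origin is the serialized (scheme, host, port) tuple: lowercased host,
  // default port dropped.
  return { ok: true, origin: url.origin };
}

// Build the allow list once; entries with a path are refused rather than
// silently truncated to their origin.
function buildAllowList(entries) {
  const allowed = new Set();
  const rejected = [];
  for (const entry of entries) {
    const r = parseOriginOnly(entry);
    if (r.ok) allowed.add(r.origin);
    else rejected.push({ entry, reason: r.reason });
  }
  return { allowed, rejected };
}

// Constructed sample configuration.
const sample = buildAllowList([
  "http://example.org",
  "https://Example.org:443",
  "http://example.org/app1/",
  "http://example.org:8080",
  "http://user@example.org",
]);
console.log([...sample.allowed], sample.rejected);
```

Refusing the entry with a path at configuration time, instead of reducing it to its origin, keeps an author from believing that access is limited to one directory of the site.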
