W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [selectors-api]

From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Date: Wed, 16 Jul 2008 14:22:49 +0200
Message-ID: <487DE819.1040603@lachy.id.au>
To: Steven Pemberton <steven.pemberton@cwi.nl>
Cc: public-webapps <public-webapps@w3.org>

Steven Pemberton wrote:
> On Fri, 15 Feb 2008 16:28:07 +0100, Anne van Kesteren <annevk@opera.com> 
> wrote:
>> On Fri, 15 Feb 2008 16:18:34 +0100, Steven Pemberton 
>> <steven.pemberton@cwi.nl> wrote:
>>> I would prefer "Implementations should ensure that they do not crash 
>>> or behave erratically" if you see my point.
>>>
>>> But what I don't understand is why the spec thinks that a hostile 
>>> NSResolver should be called out, or even what such a thing is.
>>
>> To ensure that naïve implementors don't overlook the potential issue 
>> here. An implementation of NSResolver can be provided by the script 
>> author as the specification explains and the script author can do all 
>> kinds of weird things that don't match a conforming implementation of 
>> NSResolver (such as mutating the DOM tree).
> 
> Then I think that wording like that would make the issue clearer (though 
> I think stupidity rather than hostility would be a more likely risk).

As the NSResolver has now been removed from the specification, so has 
this security requirement. Therefore, I'm closing this issue because 
it's no longer relevant.

-- 
Lachlan Hunt - Opera Software
http://lachy.id.au/
http://www.opera.com/
Received on Wednesday, 16 July 2008 12:23:29 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT