W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [selectors-api]

From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Date: Wed, 16 Jul 2008 14:22:49 +0200
Message-ID: <487DE819.1040603@lachy.id.au>
To: Steven Pemberton <steven.pemberton@cwi.nl>
Cc: public-webapps <public-webapps@w3.org>

Steven Pemberton wrote:
> On Fri, 15 Feb 2008 16:28:07 +0100, Anne van Kesteren <annevk@opera.com> 
> wrote:
>> On Fri, 15 Feb 2008 16:18:34 +0100, Steven Pemberton 
>> <steven.pemberton@cwi.nl> wrote:
>>> I would prefer "Implementations should ensure that they do not crash 
>>> or behave erratically" if you see my point.
>>> But what I don't understand is why the spec thinks that a hostile 
>>> NSResolver should be called out, or even what such a thing is.
>> To ensure that naïve implementors don't overlook the potential issue 
>> here. An implementation of NSResolver can be provided by the script 
>> author as the specification explains and the script author can do all 
>> kinds of weird things that don't match a conforming implementation of 
>> NSResolver (such as mutating the DOM tree).
> Then I think that wording like that would make the issue clearer (though 
> I think stupidity rather than hostility would be a more likely risk).

As the NSResolver has now been removed from the specification, so has 
this security requirement. Therefore, I'm closing this issue because 
it's no longer relevant.

Lachlan Hunt - Opera Software
Received on Wednesday, 16 July 2008 12:23:29 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:11 UTC