[whatwg] password option for window.prompt?

On 22/05/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote:
> And besides, the bookmarklet uses the javascript protocol, which, IIRC, is
> designed to produce a new document on the fly, not to modify the current
> one.
> I do not think that a bookmarklet should be permitted to access the
> document that is being displayed in the browser.

I don't like "javascript:" referred to as a protocol.  The first part
of a URI is called a scheme which normally refers to a transfer
protocol in the case of URLs.  Javascript is not a protocol, not even
a pseudo one.

However, I'm quite comfortable with having "javascript:" as a private
naming scheme.  It clearly addresses the script engine.

I don't know why the javascript URI was designed, but I don't think
javascript URIs necessarily need to load new documents, because normal
URIs don't have to, a URI of "#top" is relative to the current
document.

I don't think it's a good idea to write a bookmarklet for password
management.  Most browsers already offer that feature.

It would be a shame to disallow bookmarklets DOM access, you can do so
many useful things (like rewind certain BBC radio shows on Listen
Again).  I think it would be more appropriate to allow denial of
script access to password fields, which some browsers do already.

I'm more against allowing "javascript:" URIs in the HTML source, they
should only be allowed via JS DOM operations to reinforce progressive
enhancement practice.

-- 
Lee

Received on Tuesday, 22 May 2007 08:38:28 UTC