W3C home > Mailing lists > Public > www-dom@w3.org > April to June 2006

Re: DOM Level 2 HTML form.submit() safety / security

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 24 Apr 2006 07:21:59 -0700
Message-Id: <9AC0CFCE-1128-4937-815F-1A7505F43F9C@mnot.net>
Cc: www-dom@w3.org
To: Anne van Kesteren <annevk@opera.com>

OK. I'm by no means a DOM expert. I'm merely pointing out that  
there's an apparent conflict between DOM -- as widely used today --  
and the Web architecture. It may be, as you point out, that there are  
multiple conflicts.

In regards to doing what; as I said, a note regarding the safety  
implications would go a long way towards at least making implementers  
aware of the implications.


On 2006/04/24, at 6:32 AM, Anne van Kesteren wrote:

> On Thu, 20 Apr 2006 22:42:31 +0200, Mark Nottingham <mnot@mnot.net>  
> wrote:
>> In theory the requirements are inherited and therefore no further  
>> specification is required, but in practice people didn't realise  
>> the implications of form.submit() until it was too late.
> Too late to do what? Note that .submit() is not the only way to  
> submit a form through scripting. You could also use synthesized  
> events for example.
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

Mark Nottingham     http://www.mnot.net/
Received on Monday, 24 April 2006 14:22:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 10:46:13 UTC