W3C home > Mailing lists > Public > www-forms@w3.org > August 2004

XForms - Secure or Insecure?

From: Aaron Reed <mozillaxforms@yahoo.com>
Date: Tue, 24 Aug 2004 20:49:47 +0000 (UTC)
To: www-forms@w3.org
Message-ID: <loom.20040824T224735-562@post.gmane.org>

I also have a question about XForms security.  For example, the formsPlayer
example at: http://www.formsplayer.com/community/samples/google-search.html.

Running this example in a browser should raise eyebrows.  Submitting SOAP to 
domains DIFFERENT from the one where the page was downloaded and REPLACING
content in the current page so that the user doesn't have any kind of cue that
something just happened seems like the kind of power for a form that we don't
want to encourage (in a browser context, at least).  Is this something that is
going to be addressed in the 1.1 spec when the SOAP stuff goes in?

--Aaron
Received on Wednesday, 25 August 2004 16:01:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:58 GMT