On Feb 19, 2006, at 6:32 PM, Ian Hickson wrote:

> On Sat, 18 Feb 2006, Maciej Stachowiak wrote:
>>
>> I thought about this some more, and it no longer makes sense to me. If
>> off-site XBL runs in the security context of the referencing document,
>> not the XBL document, then why would <?access-control?> be useful?
>
> You want to prevent people from being able to use off-site XBL files
> without those files being intended for that purpose because otherwise you
> would be allowed to fetch any arbitrary XML on any site (including, e.g.,
> authenticated extranet or intranet sites).

OK, makes sense for this use case. Thanks for the explanation. I did not think of the XBL file itself as potentially being the target of unauthorized data access.

Regards,
Maciej

Received on Monday, 20 February 2006 02:38:43 GMT