Re: Microsoft to Strike IE URL Passwords from Roy T. Fielding on 2004-01-31 (ietf-http-wg@w3.org from January to March 2004)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 30 Jan 2004 17:49:54 -0800
To: wizard@newsreports.org
Cc: mikehow@microsoft.com, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C42E6E46-538F-11D8-A4B3-000393753936@gbiv.com>

On Friday, January 30, 2004, at 05:27  PM, wizard@newsreports.org wrote:
> But, username:password@example.com is a valid uri in
> the http protocol.  It follows, therefore, that it is
> a valid HREF value in an <A> tag. If the browser then
> does something other than is intended when the <A> tag
> is invoked, then it is arguably non-compliant.

That form of URI has been officially deprecated by the IETF
for over 9 years.  The HTTP standard doesn't even allow it
for "http" URIs.

....Roy

Received on Friday, 30 January 2004 20:49:36 UTC