- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 22 Jul 2009 21:06:16 -0700
- To: Adrien de Croy <adrien@qbik.com>
- Cc: Adrian Chadd <adrian@creative.net.au>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Jul 22, 2009 at 8:43 PM, Adrien de Croy<adrien@qbik.com> wrote: > my issue is that there will never be any incentive for sites to clean > themselves up as long as browsers ignore the problems (This particular > problem is not helped either by IIS5 not enforcing compliance of script > output). > > This then puts pressure on proxy vendors to follow the lead of the browsers, > and basically ignore / work around the problems, or attempt to clean up the > response. > > This is the spawning ground of security problems. Indeed. In the alternative, one could produce an HTTP spec that contained detailed error recovery instructions. This approach would save the next proxy vendor from having to relearn these lessons the hard way. Adam
Received on Thursday, 23 July 2009 04:07:18 UTC