- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 31 Aug 2007 16:59:32 -0700
- To: public-appformats@w3.org
Thomas Roessler wrote: > Apparently, the Mozilla folks have announced support for the > access-control spec, and caused some buzz about it. > > I've dropped some pointers to this WG's public comment address. I tried to reply on the blog the forwarded message links to, but it seems to have comments disabled at this point. Unfortunately the guy doesn't seem to neither have read the relevant specs, nor done even the most basic testing. None of the attacks he describe work, or rely on bugs in the server that would already allow XSS attacks. The latest Firefox3 alpha does have access-control support for XHR, though using a now outdated spec. I plan on updating to the latest spec soon. / Jonas
Received on Friday, 31 August 2007 23:59:39 UTC