W3C home > Mailing lists > Public > public-geolocation@w3.org > November 2011

Re: Permission on behalf of whom

From: Steve Block <steveblock@google.com>
Date: Thu, 10 Nov 2011 15:41:49 +0000
Message-ID: <CAFun1dr1+w+DKdzj2BKMkt1T8LYf5tWF67AKOAa3_-0B6xL9hQ@mail.gmail.com>
To: Simon Pieters <simonp@opera.com>
Cc: public-geolocation <public-geolocation@w3.org>
> However, what to show in the UI is not necessarily
> the same as what to use as the "key" when storing the permission.
Agreed. The spec says nothing about the latter.

> Chrome
> uses origin (actually a pair of origins if the page is embedded in a
> cross-origin iframe), while Firefox uses the domain name, and Opera
> currently uses the domain name also.
Right, these are all compliant because they are at least as strict as
required by the spec - the user is shown the host before the location
is released to the document. I don't see any need to force UAs to
adopt a particular policy, as long as they meet the minimum

> No. "entry script" is still the outer script in this case, I think.

Ah, yes, you're right. I missed the text 'This algorithm is not
invoked by one script calling another.' when the HTML5 spec defines
jumping to a code entry point [1].

[1] http://dev.w3.org/html5/spec/Overview.html#jump-to-a-code-entry-point


Google UK Limited
Registered Office: Belgrave House, 76 Buckingham Palace Road, London SW1W 9TQ
Registered in England Number: 3977902
Received on Thursday, 10 November 2011 15:42:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:03 UTC