- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 02 Aug 2008 16:54:35 +0200
- To: Justin James <j_james@mindspring.com>
- CC: 'Ian Hickson' <ian@hixie.ch>, 'Sam Ruby' <rubys@us.ibm.com>, 'HTML WG' <public-html@w3.org>
Justin James wrote: >> Could you elaborate on that? Are you wondering whether a syntax like >> this could be used to automatically download associated scripts? (to >> which my answer would be: hopefully not :-) > > For example, if the page I am authoring is located at: > http://www.sitea.com/pages/page4.html > > and it contains a class name: > http://www.someothersite.com/price > > what happens? Should it be rejected? Let's make it even more interesting... let's say the style sheet I used came from: Nothing happens. It's just a name. > http://www.someothersite.com/css/style1.css > > Now, the class comes from the same pseudo-namespace (as I have decided to call this concept) as the stylesheet. Does that change the dynamics at all? > > Or to rephrase, should the browser be performing any kind of security checks/sandboxing/cross domain restrictions on the pseudo-namespace, even though it does not mean a hill of beans at the CSS level? Or should the browser treat all class names a "dumb values", even if it does not (as we hashed out in the last message) actually download/execute/etc. a pseudo-namespaced class? > > I think it should not enforce anything here, but we may want to. The name is an identifier only, just in an XML namespace. For instance, you can use the XHTML namespace without having authority over w3.org. BR, Julian
Received on Saturday, 2 August 2008 14:55:22 UTC