- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 27 Sep 2008 00:11:02 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: HTML WG <public-html@w3.org>
On Fri, 26 Sep 2008, Boris Zbarsky wrote: > Ian Hickson wrote: > > How would the identifier be used? > > If nothing else (for things like Access-Control) to differentiate a UA that > doesn't support the spec at all from a UA that happens to be doing things with > a unique identifier origin... Wouldn't the "null" value that has to be passed in such cases be enough to detect those cases? > It would also make it possible to have a well-defined way of performing > origin comparisons as string comparisons. I agree that would be a possible benefit. > > It seems better not to expose the internal IDs, lest someone manage to > > use the exposed ID to trick the user agent or a page somehow. > > I agree that this might be a concern. It seems, though I could of course be wrong, that exposing internals is a bigger disadvantage than the benefit gained. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 27 September 2008 00:20:38 UTC