W3C home > Mailing lists > Public > public-html@w3.org > February 2013

Form HTTP Extensions

From: Cameron Jones <cmhjones@gmail.com>
Date: Fri, 22 Feb 2013 15:05:44 +0000
Message-ID: <CALGrgetzvdyWcfvMeOpyHdqkLftsuOpZxQ3c19L0Ush+NLUFWw@mail.gmail.com>
To: "public-html@w3.org LIST" <public-html@w3.org>
Hi all,

I've just committed a initial draft of the specification of HTTP extensions
for HTML forms:


This specification is the reification of the proposal which i worked on
last year in answer to ISSUE-195. The proposal has an examination of the
use cases and rationale for the extensions as well as an itemization of the
change set within bullet point form:



The extension enhances the ability for static, declarative definition of
HTTP requests from user input through the HTML form input controls. The
author is provided with essentially no-restriction to the ability to define
HTTP method, headers and body, in addition to some specific interfacing
with HTTP Authentication allowing for a real alternative to using cookies
for session continuation and providing a meaningful improvement for
non-HTTPS authentication and session control.

The specification is pure HTML and affords all these abilities in absence
of requiring any JavaScript support.

Is there support or objection within the group for introducing these

Due to nature of these extensions as a revision over the Form Submission
Algorithm, and due to the intersection with core WWW architecture, i think
this should be targeted at the HTML5.0 specification.

Also, note that due to the restriction of HTTP methods to origin-only (or
with CORS), and the restriction of headers from the XHR standard, this
specification does not to introduce any security vulnerabilities.

Cameron Jones
Received on Friday, 22 February 2013 15:06:15 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:46:00 UTC