- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 20 Apr 2011 08:51:45 +0200
- To: Adam Barth <ietf@adambarth.com>
- CC: Maciej Stachowiak <mjs@apple.com>, public-iri@w3.org
On 20.04.2011 08:42, Adam Barth wrote: > On Tue, Apr 19, 2011 at 11:31 PM, Julian Reschke<julian.reschke@gmx.de> wrote: >> On 20.04.2011 08:22, Adam Barth wrote: >>> ... >>> It's a moderate problem in practice. For example, every browser I'm >>> aware of has had (historically) security bugs arising from subtly >>> different URL processing by various components. We also have examples >>> of compatibility problems with web sites arising from different URL >>> processing by browsers. >>> ... >> >> Yes. Sure. >> >> My question was: do the differences in the behavior of the decomposition >> attributes cause problems in practice? What type of code is using them? (I >> really want to know :-). > > I'm not sure I fully understand what question you're asking, but > segmenting URLs into components is super important. For example, at > least one of the security bugs I referred to above revolved around two > different URL parsers segmenting the host differently, leading to > disagreement about which security context the URL belonged to. > ... I'm referring to the attributes exposed in the DOM (visible to JS), as opposed that what implementations do internally (which we can only observe indirectly). Best regards, Julian
Received on Wednesday, 20 April 2011 06:52:23 UTC