- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 6 Dec 2009 13:35:39 +0100
- To: public-web-security@w3.org
- Cc: Thomas Roessler <tlr@w3.org>
The XMLHttpRequest spec is in Last Call till 16 December: > XMLHttpRequest > W3C Working Draft 19 November 2009 > This Version: > http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/ A review from a security perspective would be a Good Thing. Particularly interesting pieces: - this is the place where the same origin policy for XMLHttpRequest is defined - behavior upon redirects - needs security considerations on, e.g., DNS rebinding Any takers? Thanks, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Sunday, 6 December 2009 12:35:42 UTC