- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 18 Apr 2006 17:55:30 +0000 (UTC)
- To: Ian Davis <ian.davis@talis.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, public-webapi@w3.org
On Tue, 18 Apr 2006, Ian Davis wrote: > > Those are interesting ideas but my proposal is specifically to limit the > scope of which 3rd party hosts can be accessed by the XHR object. Why is > that out of scope? Well, it seems you'd want all the restrictions in one place, rather than have restriction policies for each feature specced out separately. Also, it would be very strange to restrict XHR while not restricting the dozens of other ways of doing cross-site communication -- if what you're trying to do is leak information, you don't care whether you're using cross-site XMLHttpRequest or an older system (indeed, the older the better, as it'll work with more browsers). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 18 April 2006 17:55:43 UTC