- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 07 Mar 2006 09:52:04 +0100
- To: "Web APIs WG (public)" <public-webapi@w3.org>
On Tue, 07 Mar 2006 09:22:29 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > I'm not sure that it's a good idea to define the exact security policy > here. Shouldn't we allow implementations to return null rather then > throwing? Well, at the moment it doesn't say MUST throw, but MAY throw... I'm not sure yet how to handle the security cases. It's obviously important enough to mention it in the specification, but limiting the UA in what it can do may not be such a good idea either. This does not solely apply to this though. We should probably discuss in what level of detail we want to define what UAs have to do. Personally I'd be happy with not defining what they have to do but just pointing out the potential security problems UAs probably have to act upon in order to make browsing secure. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 7 March 2006 08:52:12 UTC