- From: Charles McCathieNevile <chaals@opera.com>
- Date: Thu, 28 Sep 2006 00:23:11 +0200
- To: paul@activemath.org
- Cc: "Web API public" <public-webapi@w3.org>
On Wed, 27 Sep 2006 22:40:22 +0200, Paul Libbrecht <paul@activemath.org> wrote: > Charles, > > Charles McCathieNevile wrote: >> Actually for version one I would like to have something that is pretty >> close to what is already implemented. > How safe is this actually ? > I mean... I had the impression that MSIE itself was not very consistent > with this and that loads of security freaks were actually complaining > about it and that it got disabled at some point... am I wrong ? IE has a crappy default security model for it in some versions, where you have to turn *on* a sensible mode. But I don't think it is the place of this spec to decide *the* security model - if people want to use scripts that copy and paste stuff that should be OK conformance wise, although there are a bunch of things that should generally be turned off for security. I plan to sprinkle more warnings through the spec. > I understand it'd be great to have code that complies with the spec to > actually run on MSIE and Safari... but I'm feeling this could be an > illusion since this is such a fragile security issue already. I don't think Opera is in any hurry to emulate IE's default security model described above. But pointing out to authors that they *should not* rely on certain functions if they are not trusted, and that implementations *should* block assorted things, is IMHO the right way to go. Implementors sometimes sit down and work on security models together, we sometimes differentiate. We also have variable models according to customer needs, etc. > Also note that at least to answer the MathML copy wish, MSIE (and > Safari) are both no-gos since they don't support MathML. MSIE does > through MathPlayer but that does not give complete access to the DOM (to > my knowledge). Safari is planning MathML... maybe one day. Yeah, I am thinking of reordering the examples because of that problem, and clarify that the use cases may not all be met by version 1. Thanks for the comments Chaals -- Charles McCathieNevile, Opera Software: Standards Group hablo español - je parle français - jeg lærer norsk chaals@opera.com Try Opera 9 now! http://opera.com
Received on Wednesday, 27 September 2006 22:23:18 UTC