- From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Date: Wed, 16 Apr 2008 23:35:08 +0200
- To: Travis Leithead <travil@windows.microsoft.com>
- Cc: public-webapi <public-webapi@w3.org>
Travis Leithead wrote: >>> I'm considering adjusting the spec to allow just two options, and >>> making IE8's behaviour non-conforming. > > That sounds like you're trying to play hardball. :) My main concern is that interoperability is not sacrificed in the name of a security measure that's not entirely effective anyway. I believe there are alternative approaches that would achieve the same level of security without sacrificing too much interoperability. Although, ideally, both :link and :visited used in these APIs would match the same elements as they do when used in CSS. However, failing that, what is wrong with treating all links as unvisited as far as these APIs are concerned. Consider this: <p><a href="visited-link">foo</a> <a href="unvisited-link">bar</a> <script> var list1 = document.querySelectorAll(":link"); // Returns both links var list2 = document.querySelectorAll(":visited"); // Returns empty list </script> That retains sufficient functionality to make at least :link useful, without revealing which links have or have not been visited. This doesn't really affect interoperability too much, since the result is effectively the same as if the user just cleared their history. Alternatively, implementing a variation of that solution such as that described by Bjoern [1] would, perhaps, be even better. [1] http://lists.w3.org/Archives/Public/public-webapi/2008Apr/0137.html -- Lachlan Hunt - Opera Software http://lachy.id.au/ http://www.opera.com/
Received on Wednesday, 16 April 2008 21:36:50 UTC