- From: Maciej Stachowiak <mjs@apple.com>
- Date: Thu, 15 May 2008 13:52:21 -0700
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapi@w3.org
On May 15, 2008, at 1:24 PM, Julian Reschke wrote: > >> practice, take anything away from the ability to get interoperable >> implemenations of the feature described in XHR1. > > Really? > > What if Apple implements the thing as defined by HTML5-as-of-2008, > and Microsoft as defined in HTML5-as-of-2009? > > If it matters, then it's a problem. If it doesn't matter, leave it > out of the XHR spec, as apparently, it's irrelevant for the goal > it's trying to achieve. In practice it is much more important for same-origin to be implemented consistently between XHR and HTML5 (and other Web standards) than for it to be precisely consistent cross-browser, as inconsistencies in the same-origin policy could lead to security holes. Thus, taking a snapshot of what HTML5 says and putting it in XHR1 would be a dead letter, because if HTML5 changes and browsers change to match it, they will not leave their XHR implementation using an older version of the security policy. Regards, Maciej
Received on Thursday, 15 May 2008 21:16:03 UTC