- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 16 May 2008 09:04:30 +0200
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, public-webapi@w3.org
Maciej Stachowiak wrote: > In practice it is much more important for same-origin to be implemented > consistently between XHR and HTML5 (and other Web standards) than for it > to be precisely consistent cross-browser, as inconsistencies in the > same-origin policy could lead to security holes. Thus, taking a snapshot > of what HTML5 says and putting it in XHR1 would be a dead letter, > because if HTML5 changes and browsers change to match it, they will not > leave their XHR implementation using an older version of the security > policy. Interesting enough, this seems to be exactly the opposite of what Ian just said :-): Ian> The point is that Apple and Microsoft are both going to implement the Ian> thing as required by the Web in 2000, not as defined in HTML5. HTML5 is Ian> describing existing practice on these matters, not defining new material. BR, Julian
Received on Friday, 16 May 2008 07:05:46 UTC