Re: XHR LC comments

Maciej Stachowiak wrote:
> In practice it is much more important for same-origin to be implemented 
> consistently between XHR and HTML5 (and other Web standards) than for it 
> to be precisely consistent cross-browser, as inconsistencies in the 
> same-origin policy could lead to security holes. Thus, taking a snapshot 
> of what HTML5 says and putting it in XHR1 would be a dead letter, 
> because if HTML5 changes and browsers change to match it, they will not 
> leave their XHR implementation using an older version of the security 
> policy.

Interesting enough, this seems to be exactly the opposite of what Ian 
just said :-):

Ian> The point is that Apple and Microsoft are both going to implement the
Ian> thing as required by the Web in 2000, not as defined in HTML5. 
HTML5 is
Ian> describing existing practice on these matters, not defining new 
material.

BR, Julian

Received on Friday, 16 May 2008 07:05:46 UTC