- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 27 May 2008 14:29:16 +0200
- To: Anne van Kesteren <annevk@opera.com>
- CC: "Web API WG (public)" <public-webapi@w3.org>
Anne van Kesteren wrote: >>> I deferred this issue to HTML5 for now by referencing the recently >>> introduced definition of "same origin" there. That makes more sense >>> because if any changes to that definition are made there it would >>> also affect XMLHttpRequest. >> >> Pointer, please? > > http://www.whatwg.org/specs/web-apps/current-work/#same-origin No, I was looking for a pointer to what actually changed (which wasn't in CVS when I wrote the mail). You're still avoiding the question whether the URL parameter can be an IRI. I would assume it can't, in which case the spec should require it to conform to RFC3986. If it's known to be a URI, do we really need to refer to HTML5 for same-origin detection? >>>>>> When they are a string, then taking about character encoding doesn't >>>>>> make any sense here. >>>>> >>>>> Actually, since you need to encode them for the request it does. >>>> >>>> But that totally depends on the authentication scheme. I think >>>> you're confusing layers here. >>> >>> It does depend on that and that is mentioned. >> >> Are you referring to: "14. If the user argument was not omitted and is >> not null let stored user be user encoded using the encoding specified >> in the relevant authentication scheme or UTF-8 if the scheme fails to >> specify an encoding."? >> >> This has two problems: >> >> - it makes "stored used" an octet sequence, not a string. > > What is the problem? Well, octet sequences usually are not stored in strings but in byte arrays. I think what the spec currently says is confusing, and likely to cause damage in practice. >> - it simply doesn't work in practice, for instance for Basic >> Authentication > > You're not really helping finding the right solution here. This was > added for basic authentication if I remember correctly as it does not > specify any encoding. Sometimes there is no simple solution. Basic Authentication is not defined in terms of UTF-8, and, as far as I know, is not using it in practice, so suggesting that in XHR is a bug. >> The goal for examples should be to illustrate a specific feature, not >> to promote a specific coding practice (at least not when doing the >> latter affects the readability). > > I don't think it affects readability that much. It probably doesn't affect you (because you prefer that notation anyway), but minimally it affects me. And if it affects me, it's likely to affect others as well. BR, Julian
Received on Tuesday, 27 May 2008 12:36:55 UTC