- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 19 Jun 2008 12:09:42 +0200
- To: timeless@gmail.com
- CC: "public-webapps@w3.org" <public-webapps@w3.org>
timeless wrote: >> generally what i've seen is that exposing some information about a >> parse error to a script is a great way to enable data leaks to a >> malicious application. > > On Thu, Jun 19, 2008 at 11:19 AM, Julian Reschke <julian.reschke@gmx.de> wrote: >> Could you please provide some more information or give an example about when >> this would be the case? > > this is the replacement spec which doesn't support this feature (which > also implies that people might have had a reason): > http://dev.w3.org/csswg/cssom/#the-cssstylesheet > Statements that were dropped during parsing can not be found using these APIs. > ... Can you provide an example where providing *XML* parse error information within *XHR* would be problematic? BR, Julian
Received on Thursday, 19 June 2008 10:10:24 UTC