Re: responseXML/responseText exceptions and parseError

On Thu, Jun 19, 2008 at 1:09 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
> Can you provide an example where providing *XML* parse error information
> within *XHR* would be problematic?

i really shouldn't have to. imagine a document that is not CSS and is not XML.

now imagine an api that lets you try to load it as css. imagine that
this api exposes a dom object that describes *any* information from
that document in the case that it fails to parse as css.

basically it meant that you can interrogate pages that you weren't
supposed to be able to look at to get information you weren't supposed
to have.

now replace 'css' with 'xml'. The logic still applies.

And yes, I understand you'll wave hands about "this is a trusted
application". I don't care. If it's a trusted application, then I
trust it not to make mistakes and to have ways to verify the
information server side before it's ever sent on any wires.

Received on Thursday, 19 June 2008 10:22:12 UTC