- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 10 Jul 2008 07:26:24 +0200
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "WebApps WG" <public-webapps@w3.org>
On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > Anne van Kesteren wrote: >> This is exactly how postMessage() works and it seems nice to align >> with that. > > I am very strongly against this syntax as it gives a false sense of > security. To the point where I don't think I'd be willing to implement > it in firefox. The fact that postMessage allows this sounds very > unfortunate and something that I will look into fixing in that spec. Let me know how that works out. postMessage() is shipping already in various implementations... > I don't want to carry this mistake forward into Access-Control. It seems bad to do something totally different, especially since it's pretty obvious what the net result is. >>> Additionally, the way the spec was written before we could create a >>> conformat implementation now without having to worry about HTML5 >>> changing things under us. >> >> Well, in the end we want all those concepts implemented in the same way >> everywhere, right? So I'm not sure how this matters. > > So why not let HTML5 refer to Access-Control? I don't really see how that would work. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Thursday, 10 July 2008 05:26:58 UTC