- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 10 Jul 2008 04:10:54 -0700
- To: Anne van Kesteren <annevk@opera.com>, Web Applications Working Group WG <public-webapps@w3.org>
Anne van Kesteren wrote: > > On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> Anne van Kesteren wrote: >>> This is exactly how postMessage() works and it seems nice to align >>> with that. >> >> I am very strongly against this syntax as it gives a false sense of >> security. To the point where I don't think I'd be willing to implement >> it in firefox. The fact that postMessage allows this sounds very >> unfortunate and something that I will look into fixing in that spec. > > Let me know how that works out. postMessage() is shipping already in > various implementations... I will keep you updated. Until then I very strongly feel we need to change the parsing rules to refer to rfcs 3986 and 3490 the way the previous draft did. >>>> Additionally, the way the spec was written before we could create a >>>> conformat implementation now without having to worry about HTML5 >>>> changing things under us. >>> >>> Well, in the end we want all those concepts implemented in the same >>> way everywhere, right? So I'm not sure how this matters. >> >> So why not let HTML5 refer to Access-Control? > > I don't really see how that would work. Access-Control can define how to parse the 'origin' part of the URI and HTML5 can refer to that. Or they can both refer to the same RFCs. / Jonas
Received on Thursday, 10 July 2008 11:12:27 UTC