- From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Date: Wed, 16 Jul 2008 14:22:49 +0200
- To: Steven Pemberton <steven.pemberton@cwi.nl>
- Cc: public-webapps <public-webapps@w3.org>
Steven Pemberton wrote: > On Fri, 15 Feb 2008 16:28:07 +0100, Anne van Kesteren <annevk@opera.com> > wrote: >> On Fri, 15 Feb 2008 16:18:34 +0100, Steven Pemberton >> <steven.pemberton@cwi.nl> wrote: >>> I would prefer "Implementations should ensure that they do not crash >>> or behave erratically" if you see my point. >>> >>> But what I don't understand is why the spec thinks that a hostile >>> NSResolver should be called out, or even what such a thing is. >> >> To ensure that naïve implementors don't overlook the potential issue >> here. An implementation of NSResolver can be provided by the script >> author as the specification explains and the script author can do all >> kinds of weird things that don't match a conforming implementation of >> NSResolver (such as mutating the DOM tree). > > Then I think that wording like that would make the issue clearer (though > I think stupidity rather than hostility would be a more likely risk). As the NSResolver has now been removed from the specification, so has this security requirement. Therefore, I'm closing this issue because it's no longer relevant. -- Lachlan Hunt - Opera Software http://lachy.id.au/ http://www.opera.com/
Received on Wednesday, 16 July 2008 12:23:29 UTC