- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 9 Jun 2009 10:59:29 +0200
- To: Robin Berjon <robin@berjon.com>
- Cc: public-webapps WG <public-webapps@w3.org>
Quick review of the WAR spec... http://dev.w3.org/2006/waf/widgets-access/ 1. The definitions section seems to introduce "instantiated components" as a first class object that is granted access. However, what the spec talks about are the rights that the widget execution scope is granted. Notably, that execution scope *includes* an HTML file that sits within the widget, but loads a script off the network. 2. It would be useful for the policy section to explicitly say that network access from the web execution scope is controlled by the HTML5 security policy, not by this specification's security policy. 3. I continue to believe that it is a mistake to introduce new limitations on inline elements in this spec, and at this point of time. 4. The processing model is gratuitously detailed and complex, and pins down implementation detail. For example, the meaning of a sequence of access elements does not actually depend on the order in which these elements appear; nevertheless, the processing model is specified as walking down the list of access elements in document order. This could be made significantly easier to understand by simply saying what the values are, and what they mean, instead of the present page of prose. Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 9 June 2009 08:59:37 UTC