Re: Widget Requirement 37 (URI scheme etc)

On Thu, Feb 26, 2009 at 6:34 PM, Thomas Roessler wrote:
> Marcos,
> R37 currently reads:
> A conforming specification MUST recommend that, at runtime, the addressing
> scheme used by a resource that addresses another resource within a widget
> package be resolved to some hierarchical URI scheme for the purpose of DOM
> normalization. A conforming specification SHOULD recommend or specify an
> appropriate URI scheme: That is, a URI scheme that does not expose the
> underlying file system (if any) to the instantiated widget. In addition, an
> instantiated widget MUST NOT be able to address resources outside the widget
> resource via the URI scheme (even if URI scheme allows it). The URI scheme
> MUST pertain to individual widget instances, but it MAY potentially allow
> widgets to address each other (for instance, when used in conjunction with
> cross-widget communication).
> I don't think that this requirement should be phrased in terms of URI
> *schemes* at all.  Additionally, the "MUST NOT be able to address resources
> outside the widget resource" part of the requirement isn't clear -- why is
> that needed?  (Sounds like a bit of security policy crept in here.)


> Finally, while I agree that you don't want a widget to jailbreak, that's
> part of an overall security policy; it shouldn't be normatively mixed into
> the resource identification requirement.  Instead, the requirement should be
> that there ought to be a security policy with these effects.
> Therefore, my version of R37 would be:
> A conforming specification MUST define a mechanism to set the base URI for
> any DOM instances that occur within the Widget, and it MUST define a
> mechanism that enables the construction of URI references between different
> resources within a widget package.

Agreed. I've replaced the existing text with your proposed text.

Marcos Caceres

Received on Tuesday, 17 March 2009 12:53:05 UTC