- From: Robin Berjon <robin@berjon.com>
- Date: Wed, 2 Sep 2009 16:17:33 +0200
- To: Mark Baker <distobj@acm.org>
- Cc: marcosc@opera.com, public-webapps <public-webapps@w3.org>
Hi Mark, On May 22, 2009, at 15:25 , Mark Baker wrote: > I'm curious to learn where the requirement that "Must not allow > addressing resources outside a widget" came from? Can you point to a > precedent for such a restriction in any other protocol? I remember > TimBL writing something to the effect of "Anywhere you can use a URI, > you can use any URI", possibly in his design issues, but I can't find > a reference right now. The idea is that as currently defined, the URI scheme can only point to resources contained inside the widget. Wherever you use a widget: URI, you can also use other URI schemes such as http: or file: (i.e. there's no restriction on the content) but depending on your security settings it might not be retrieved and if executed it probably won't have access to the same APIs. The widget: URI comes with a guarantee that you're pointing inside the widget, which is a nice, clean, sandboxed world (which incidentally might also be signed). > I also don't understand what that bit about "run on the web" means > in the intro. Yeah, neither do I. I've tried to make the abstract clearer. Thanks! -- Robin Berjon - http://berjon.com/
Received on Wednesday, 2 September 2009 14:18:19 UTC