- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 10 Nov 2009 16:29:32 +0100
- To: "SULLIVAN, BRYAN L (ATTCINW)" <BS3131@att.com>
- CC: WebApps WG <public-webapps@w3.org>
SULLIVAN, BRYAN L (ATTCINW) wrote:
> Marcos,
> I agree there is an assumption behind the approach I proposed, which I also believe will be valid for the vast majority of widgets which will actually have "index.html" or something like that as the start page. Further, the statements in the config.xml apply to all resources in the widget, not just the start page, i.e. I can start with a non-HTML which references an HTML file in the package, to which the "tag" attribute applies.
So we are clear, the tag attribute does not work in the following
situation. I want to disable x:script, but allow v:script... unless you
know what the things different namespaces will not be added dynamically
to the DOM:
<x:html xmlns:x="http://www.w3.org/1999/xhtml">
...
<x:script> ... </x:script>
<v:svg v:width="6cm" v:height="5cm" v:viewBox="0 0 600 500"
xmlns:v="http://www.w3.org/2000/svg" version="1.1">
<v:script src="...">...</v:script>
</v:svg>
</x:html>
> If the proposed solution is inadequate, I welcome other suggestions.
I don't have a suggestion because I don't believe this part of WARP is
broken or is necessary.
>But as it stands, the WARP spec is not consistent with the web
security model, so we need to fix the<access> element definition somehow.
Well, the whole point of WARP is to put these boundaries around the
behavior of widgets because they run locally. How a browsing context
should behave when run locally is not really defined by HTML5. This
leaves a gap for us to fill.
Received on Tuesday, 10 November 2009 15:30:17 UTC