- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 28 Oct 2010 21:48:26 -0400
- To: Chris Rogers <crogers@google.com>
- CC: Maciej Stachowiak <mjs@apple.com>, Geoffrey Garen <ggaren@apple.com>, Darin Fisher <darin@chromium.org>, Web Applications Working Group WG <public-webapps@w3.org>, Anne van Kesteren <annevk@opera.com>, Eric Uhrhane <ericu@google.com>, michaeln@google.com, Alexey Proskuryakov <ap@webkit.org>, Chris Marrin <cmarrin@apple.com>, jorlow@google.com, jamesr@chromium.org
On 10/28/10 5:40 PM, Chris Rogers wrote: > I'm not sure I completely understand the use case with the cross-site > scripts. Are we talking about a situation where one library initiates > the XHR and another library's event listener receives the data, where > it's not aware if the data is actually text or a binary payload? The cross-site script use case I was thinking is something simple like allowing some whitelisted sites to request gmail attachments for a given user. You don't necessarily know what you're getting until the data starts coming in. > I can understand the concerns about throwing an exception and how hard it > might be to debug. The concern in the cross-site case is that you're less likely than in the same-site case to know before you start getting the data what data to expect, since the whole point of cross-site is that you don't control the data you're getting. > But isn't this a problem case also if we don't throw > an exception and the data is interpreted as text when it's really binary > or vice versa? I'm not sure there's the dichotomy is as sharp as you make it out, but in any case, the "right" way to access the data can be based on the content-type the data reports, yes? It's just that this decision can't be made at open() time. > After all, if you access responseText and the data is > really binary, then it will be converted to some bogus text string Sure. Though if the data is "really text" you may meaningfully want to access the actual bytes sent. -Boris
Received on Friday, 29 October 2010 01:49:02 UTC