- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Fri, 03 Jun 2011 13:26:21 +0200
- To: public-webapps WG <public-webapps@w3.org>
- CC: 'Robin Berjon' <robin@berjon.com>
The spec says: ""At runtime, when a network request is made from within the widget execution scope, the user agent matches it against the rules defined above, accepting it if it matches and blocking it if it doesn't.""" However, *blocking* is not defined. This has lead to inconstant behavior across user agents. Some engines throw a SECURITY_ERR and shut down the scripting environment, while others behave as if the resource could not be loaded. Blocking needs to be properly defined if we are going to get any interop... particularly what it means to block http/https resources.
Received on Friday, 3 June 2011 11:26:52 UTC