- From: Hallvord R. M. Steen <hallvord@opera.com>
- Date: Thu, 11 Oct 2012 12:23:21 +0200
- To: "'Julian Aubourg'" <j@ubourg.net>, annevankesteren@gmail.com, "Jungkee Song" <jungkee.song@samsung.com>
- Cc: public-webapps@w3.org

Jungkee Song <jungkee.song@samsung.com> wrote Thu, 11 Oct 2012 10:56:53 +0200

> IMO browser spoofing either through the browser's main HTTP request or
> XHR request is not the ultimate way to handle the browser sniffing
> issues in practical service scenarios.

Well, it would be a lot nicer to write specs for an ideal "ultimate" world for sure ;-)

In *this* world, this limits what script authors can do in a way that will leave them unable to solve some problems. However, that MAY still be a reasonable decision if there are good reasons to do so! I agree with you that this is a judgement call with both pros and cons.

In this specific case I don't understand the full reasoning behind the limitation. Some of the rationale sounds more like "we think somebody once may have said it would cause a security problem". And I would like us to have a stronger rationale and more evidence when we limit what authors are allowed to do.

Maybe other members of public-webapps could help me out by suggesting threat scenarios and use cases where this limitation seems relevant?

--
Hallvord R. M. Steen
Core tester, Opera Software

Received on Thursday, 11 October 2012 10:24:31 UTC