[Bug 25924] [Imports]: The spec. is not very specific about the edge cases of the load from bugzilla@jessica.w3.org on 2014-05-31 (public-webapps@w3.org from April to June 2014)

From: <bugzilla@jessica.w3.org>
Date: Sat, 31 May 2014 07:02:20 +0000
To: public-webapps@w3.org
Message-ID: <bug-25924-2927-44wQTvddHM@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25924

Anne <annevk@annevk.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #4 from Anne <annevk@annevk.nl> ---
We should probably actually clarify data URLs. I suspect they should not be
allowed here as they would be able to execute scripts. I need to add the flag
proposed by Jonas in
http://lists.w3.org/Archives/Public/public-webapps/2014AprJun/0696.html and
HTML imports should probably not set it.

Is the text/html requirement stated?


Brendan, as for the rest:

* blob URLs can work if they're same-origin
* redirect should be followed
http://fetch.spec.whatwg.org/#atomic-http-redirect-handling
* HTTP response status should probably be ignored (we never pay attention to
it)
* only text/html should be allowed (is that stated in the specification now?)
* stopping of external resource loading is up to the UA mostly (unless there's
explicit API which there's not)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Saturday, 31 May 2014 07:02:22 UTC