W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

RE: [W3C TCP and UDP Socket API]: Status and home for this specification

From: Domenic Denicola <d@domenic.me>
Date: Wed, 1 Apr 2015 17:03:12 +0000
To: Boris Zbarsky <bzbarsky@mit.edu>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <CY1PR0501MB13691A3DFE0954E71700E50ADFF30@CY1PR0501MB1369.namprd05.prod.outlook.com>
From: Boris Zbarsky [mailto:bzbarsky@mit.edu]

> This particular example sets of alarm bells for me because of virtual hosting.

Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples. Let's forget I said anything...

> As in, this seems like precisely the sort of thing that one browser might
> experiment with, another consider an XSS security bug, and then we have
> content that depends on a particular browser, no?

My argument is that it's not materially different from existing permissions APIs. Sometimes the promise is rejected, sometimes it isn't. (Note that either outcome could happen without the user ever seeing a prompt.) The code works in every browser---some just follow the denied code path, and some follow the accepted code path. That's fine: web pages already need to handle that.

Received on Wednesday, 1 April 2015 17:03:40 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC