- From: Odin Hørthe Omdal <odinho@opera.com>
- Date: Mon, 23 Jul 2012 16:32:52 +0200
- To: public-webappsec@w3.org
On Mon, 23 Jul 2012 07:28:46 +0200, Mike West <mkwst@google.com> wrote: > I lean towards #2 as it seems less likely to leave a developer with the > mistaken impression that her directive is working the way she expects > (and tweaked the editor's draft to that effect over the weekend[2]). > > Still, the security risk of simply ignoring invalid items is probably > quite low, so expansion of the syntax might be a good reason to opt for > #1 instead. I always like having a road open for expansion. Especially on something as expansible as mime types. Ignoring invalid tokens wouldn't exclude printing out the error in the error console. With all the useful stuff that is turning up in that console these days, web developers gets more and more reasons to check it ;-) -- Odin Hørthe Omdal (Velmont/odinho) · Core, Opera Software, http://opera.com
Received on Monday, 23 July 2012 14:33:27 UTC