W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2013

Re: [webappsec] Call for Consensus: UISecurity to Last Call Working Draft

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 28 Nov 2013 14:17:57 +0000
Message-ID: <CADnb78hJ5vCY1R=q6BEZcpOQMjPr7UWM408tt8hwT_wR=sqN4A@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Nov 26, 2013 at 5:52 PM, Hill, Brad <bhill@paypal.com> wrote:
> [Hill, Brad] This doesn't really add a dependency on XPath, XML or XSLT APIs for implementers in the user agent.  It's just about producing a string that identifies an item in the DOM.  The example code in the spec, ~20 lines of js using only DOM level 2 APIs, is the only dependency introduced here.

It does on the side of the server, no?

Also, if we think that algorithm is good enough we should just make it
normative and remove other options.


> I agree that there are "terms of art" in the non-normative implementation hints that aren't formally defined in the rest of the web platform, but I'm not sure what we ought to do about that.

At the very least we should admit it and indicate we expect this to be
refined going forward.


> Is there another spec you believe we ought to take a normative dependency on and describe this in-terms-of?

https://www.w3.org/Bugs/Public/show_bug.cgi?id=23825 seems like the
culprit here, but that's no specification (yet).


-- 
http://annevankesteren.nl/
Received on Thursday, 28 November 2013 14:18:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC