- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Mon, 16 Sep 2013 01:39:02 +0100
- To: Michal Zalewski <lcamtuf@coredump.cx>
- Cc: Brad Hill <hillbrad@gmail.com>, Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> Honestly, I'm a bit struggling to understand what's the key benefit of > doing suborigin://hashed-concat versus suborigin://non-hashed-concat - > in that both of these representations will not be literal string +1. I think hashing unnecessarily complicates the spec, the application code, and (UA) implementations. I also think it will have a massive (negative) impact on debuggability and developer usability of sub-origins. There is value to the ease and simplicity of a simple concat. cheers Dev
Received on Monday, 16 September 2013 00:39:48 UTC