- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 25 Jul 2014 17:49:30 +0000 (UTC)
- To: Mike West <mkwst@google.com>
- cc: Jochen Eisinger <eisinger@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On Fri, 25 Jul 2014, Mike West wrote: > On Thu, Jul 24, 2014 at 9:26 PM, Ian Hickson <ian@hixie.ch> wrote: > > Other than [the fundamental objection to JS environment], this seems > > much closer. One remaining nit is that the API referrer source isn't > > always a Document, sometimes it's a URL. > > Hrm. When does this happen? Workers. > https://github.com/w3c/webappsec/commit/68317e6c6df9e81a1f4570bc8bf984660abd4bf0 > hopefully addresses it. Yeah, looks good, modulo the whole "using a JS environment in the first place" thing. :-) I'll let Anne weigh in on that issue. > > We don't need JS global environments to do this. (What about non-JS > > workers in the future?) > > Is there a proposal for such a thing? There's always proposals for putting languages other than JS on the Web. While so far there's not been much cross-vendor support for any one solution, it seems like a safe bet to assume that eventually something like that will come along that gets adopted widely. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 25 July 2014 17:49:54 UTC