- From: Brian Smith <brian@briansmith.org>
- Date: Thu, 29 Jan 2015 09:48:52 -0800
- To: Joel Weinberger <jww@chromium.org>
- Cc: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>, Anne van Kesteren <annevk@annevk.nl>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Joel Weinberger <jww@chromium.org> wrote: > Not to add too much fuel to the fire here, but what if, for cleanliness, the > spec did not allow *any* IP address, but did specify that user agents treat > a src of localhost as equivalent to 127.0.0.1 and ::1? Wouldn't it be better to not support IP address literals at all in WebAppSec standards, and also make whatever changes are necessary so that web developers can always use "localhost" instead of "127.0.0.1" or "::1" in all cases? Cheers, Brian
Received on Thursday, 29 January 2015 17:49:19 UTC