W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2007

[whatwg] password option for window.prompt?

From: Lee Kowalkowski <lee.kowalkowski@googlemail.com>
Date: Tue, 22 May 2007 16:38:28 +0100
Message-ID: <610592c90705220838j76050d18u9789ede9482c090c@mail.gmail.com>
On 22/05/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote:
> And besides, the bookmarklet uses the javascript protocol, which, IIRC, is
> designed to produce a new document on the fly, not to modify the current
> one.
> I do not think that a bookmarklet should be permitted to access the
> document that is being displayed in the browser.

I don't like "javascript:" referred to as a protocol.  The first part
of a URI is called a scheme which normally refers to a transfer
protocol in the case of URLs.  Javascript is not a protocol, not even
a pseudo one.

However, I'm quite comfortable with having "javascript:" as a private
naming scheme.  It clearly addresses the script engine.

I don't know why the javascript URI was designed, but I don't think
javascript URIs necessarily need to load new documents, because normal
URIs don't have to, a URI of "#top" is relative to the current
document.

I don't think it's a good idea to write a bookmarklet for password
management.  Most browsers already offer that feature.

It would be a shame to disallow bookmarklets DOM access, you can do so
many useful things (like rewind certain BBC radio shows on Listen
Again).  I think it would be more appropriate to allow denial of
script access to password fields, which some browsers do already.

I'm more against allowing "javascript:" URIs in the HTML source, they
should only be allowed via JS DOM operations to reinforce progressive
enhancement practice.

-- 
Lee
Received on Tuesday, 22 May 2007 08:38:28 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:55 UTC