- From: Lee Kowalkowski <lee.kowalkowski@googlemail.com>
- Date: Tue, 22 May 2007 16:38:28 +0100
On 22/05/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote: > And besides, the bookmarklet uses the javascript protocol, which, IIRC, is > designed to produce a new document on the fly, not to modify the current > one. > I do not think that a bookmarklet should be permitted to access the > document that is being displayed in the browser. I don't like "javascript:" referred to as a protocol. The first part of a URI is called a scheme which normally refers to a transfer protocol in the case of URLs. Javascript is not a protocol, not even a pseudo one. However, I'm quite comfortable with having "javascript:" as a private naming scheme. It clearly addresses the script engine. I don't know why the javascript URI was designed, but I don't think javascript URIs necessarily need to load new documents, because normal URIs don't have to, a URI of "#top" is relative to the current document. I don't think it's a good idea to write a bookmarklet for password management. Most browsers already offer that feature. It would be a shame to disallow bookmarklets DOM access, you can do so many useful things (like rewind certain BBC radio shows on Listen Again). I think it would be more appropriate to allow denial of script access to password fields, which some browsers do already. I'm more against allowing "javascript:" URIs in the HTML source, they should only be allowed via JS DOM operations to reinforce progressive enhancement practice. -- Lee
Received on Tuesday, 22 May 2007 08:38:28 UTC