- From: Kornel Lesinski <kornel@osiolki.net>
- Date: Tue, 08 Jan 2008 01:10:39 -0000
On Sat, 05 Jan 2008 06:51:29 -0000, Henry Mason <hmason at mac.com> wrote: > - Unnecessary dependency on DOM Events This feature is inherently event-based. I think it does make sense to re-use existing framework for event handling. However, I haven't found use-case for remote triggering of standard events, like mouse and keyboard events. I always use my custom events, because I don't want to couple server-side code with details of particular user interface. > - Redundancy with already existing techniques, especially XMLHttpRequest It's much simpler to use and allows browser to manage the connection. > I propose that we remove support for non-message events; that is, allow > only events with MessageEvent interface. +1 Scripts that need that functionality can create wrapper on client-side that will dispatch other types of events. > The critically cool part, however, is that since MessageEvents store > their domain and URI origin, it will be safe to allow for cross-domain > messaging through this server-sent events. I don't see how it makes cross-domain messaging safe. Without Access-Control mechanism, what would prevent malicious site from reading event-source of e.g. users' gmail chat? (variant of CSRF attack) -- regards, Kornel Lesi?ski
Received on Monday, 7 January 2008 17:10:39 UTC