W3C home > Mailing lists > Public > uri@w3.org > November 2006

Re: The 'javascript' scheme

From: Graham Klyne <GK@ninebynine.org>
Date: Sun, 19 Nov 2006 16:35:37 +0000
Message-ID: <456087D9.6030506@ninebynine.org>
To: Bjoern Hoehrmann <derhoermi@gmx.net>, uri@w3.org, uri-review@ietf.org

Bjoern Hoehrmann wrote:
> * Graham Klyne wrote:
>> I have rather mixed feelings about this proposal.
>> [...]
> I just re-read this thread and I still do not see how I could change the
> draft to address the concerns you have raised. Could you propose changes
> you would like me to make?

I wish I could.  My hope was that some clearer consensus would emerge out of the
ensuing discussion.

The best I can suggest right now is to add a note under security considerations
to the concern you responded to here:

Very great care should be taken with Javascript URIs whose execution can cause
side effects.  There are circumstances in which URIs may be used in the full
expectation that simply dereferencing it does not cause any obligation to be
incurred (cf. http://www.w3.org/TR/2004/REC-webarch-20041215/#safe-interaction),
and care may be needed to ensure that simply resolving the URI in such
situations does not violate the expectations for "safe" interactions (in the
sense of RFC2616, section 9.1.1).

Otherwise, having raised the issue for discussion, and made what points I feel I
can, I'm not inclined to argue the case further.

I hope this helps.


Graham Klyne
For email:
Received on Sunday, 19 November 2006 17:09:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:10 UTC