- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 29 Aug 2007 11:20:48 +0200
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: www-archive@w3.org
* Maciej Stachowiak wrote: >It would work to specify the rules without specifying how to determine >the origin URI of the XHR completely. However, the rule you mention >would not work as is. For instance two textually identical data: URLs >should not be considered to constitute a same origin for scripting >purposes (though for XHR it doesn't matter). Could you elaborate on why scripts running in data:X should be denied access to data:X? Clearly they already have complete access to every- thing in X through parsing their own location's URL and they cannot do anything beyond accessing that information if you grant access. Per- haps you meant accessing data:X from http:Y should be allowed? -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 29 August 2007 09:20:58 UTC