- From: Joseph Kesselman <keshlam@us.ibm.com>
- Date: Fri, 22 Mar 2002 13:50:00 -0500
- To: rayw@netscape.com (Ray Whitmer)
- Cc: Thierry Kormann <tkormann@ilog.fr>, W3c-Svg-Wg <w3c-svg-wg@w3.org>, Www-Dom <www-dom@w3.org>, "Arnaud Le Hors" <lehors@us.ibm.com>, Philippe Le Hégaret <plh@w3.org>
On Friday, 03/22/2002 at 10:13 PST, rayw@netscape.com (Ray Whitmer) wrote: > In some cases it would violate security to permit them to even be manually bridged If the DOM Event APIs are exposed, I don't see any way to prevent a relationship from being established manually -- at least not within the scope of the DOM as currently designed. This sounds like an issue for a security-aware subclass of the DOM, and I don't think that flavor is even on the Open Issues List yet. It may come closest to the read-only DOM proposal, or perhaps the transactional proposal... but I think one can make a good case for it being best left as something for higher-level code to define and deal with, since different contexts may have significantly different concerns. ______________________________________ Joe Kesselman / IBM Research
Received on Friday, 22 March 2002 13:50:50 UTC