- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 20 Apr 2006 13:42:31 -0700
- To: Joseph Kesselman <keshlam@us.ibm.com>
- Cc: www-dom@w3.org
Well, the spec references HTML forms, which are themselves limited to two HTTP methods; GET and POST. So, it is very in-scope. In theory the requirements are inherited and therefore no further specification is required, but in practice people didn't realise the implications of form.submit() until it was too late. A note in errata would do the trick, I imagine; reminding implementers of the impact of referenced spec's requirements is a common pattern. Cheers, On 2006/04/20, at 1:24 PM, Joseph Kesselman wrote: > The definition of submit() in the DOM HTML 2.0 spec says only > "Submits the > form. It performs the same action as a submit button." > > Seems to me that this means the DOM implementation is free to > implement > security checks on form submission, and have them applied here. The > only > question seems to be whether there should be *additional* > constraints. I > would submit that since the nature of those constraints is out of > the DOM's > control, their existance is out of the scope of the DOM spec; take > it up > with whoever's standardizing browser behaviors. > > ______________________________________ > "... Three things are most perilous: Connectors that corrode, > Unproven algorithms, and self-modifying code! ..." > -- "Threes" Rev 1.1 - Duane Elms / Leslie Fish > (http://www.ovff.org/pegasus/songs/threes-rev-11.html) > > -- Mark Nottingham http://www.mnot.net/
Received on Thursday, 20 April 2006 20:42:55 UTC