- From: John Boyer <boyerj@ca.ibm.com>
- Date: Fri, 5 May 2006 17:27:26 -0700
- To: www-forms@w3.org
- Message-ID: <OFED4F131C.8A7C11F7-ON88257166.0001C4A8-88257166.00028262@ca.ibm.com>
In Section 11.2, it says that urlencoded-post as a method is deprecated. There is no citation in the section to say why, but given that this appeared in 1.0 first edition, I assume we are following some other spec out there. Would be nice to know which one. Moreover, given that the basic user login and password screen used across the web seems to rely on this method, why is it deprecated? Seems we couldn't do the usual login screen with an XForm without this because login systems tend to look only for the url encoded post data, and they don't fall back to looking in the URL for the parameters, which is where a GET would put them. I think that login system *don't* do this fallback because they want to discourage use of method GET so that a person's password doesn't show up clear text in the user agent URL cache. Thanks, John M. Boyer, Ph.D. Senior Product Architect/Research Scientist Co-Chair, W3C XForms Working Group Workplace, Portal and Collaboration Software IBM Victoria Software Lab E-Mail: boyerj@ca.ibm.com http://www.ibm.com/software/ Blog: http://www.ibm.com/developerworks/blogs/page/JohnBoyer
Received on Saturday, 6 May 2006 00:27:48 UTC