- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 03 Nov 2004 23:12:51 -0600
- To: Denis Bohm <denis@fireflydesign.com>
- CC: www-svg@w3.org
Denis Bohm wrote: > actually it's safer because the UA is making > sure the user is aware of the applications request to connect to another > computer. Do you really think users read the "is it ok if ..." alerts an implementation would have to pop up to ask for such permission? As a web browser developer, I can tell you that the only way we'd possibly implement a feature like this is by allowing it to only connect back to the originating server, most likely with a restriction on which ports it can connect to. Attempts to do anything else would result in an exception being thrown, without the user being consulted. That's what we do now for many far more restrictive cases (XSLT comes to mind here, as do XMLHttpRequest, etc). In an intranet environment it may be possible to have a looser security policy, but we're talking about a standard to be used on the Web here, but Web UAs. > So I don't see a problem. This has already been thought out in > other contents and the SVG interfaces don't introduce any new issues. The problem is that given the likely restrictions UAs will have to place on the usage of this interface it may well be no more useful than existing interfaces... and possibly less useful. Whether the usefulness is reduced enough is something that is a matter of debate, of course. -Boris
Received on Thursday, 4 November 2004 05:12:55 UTC