- From: Thomas DeWeese <Thomas.DeWeese@Kodak.com>
- Date: Thu, 04 Nov 2004 06:58:40 -0500
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: Denis Bohm <denis@fireflydesign.com>, www-svg@w3.org
Boris Zbarsky wrote:
> As a web browser developer, I can tell you that the only way we'd possibly
> implement a feature like this is by allowing it to only connect back to
> the originating server, most likely with a restriction on which ports it
> can connect to.
Why would you restrict ports if you restrict to the originating
server? If they want to hack themselves let them. BTW you
absolutely should not allow even HTTP requests to anything but
the originating server from Script, otherwise they can browse
a persons intranet, (links are different because the originating file
doesn't get access to the new content).
> Attempts to do anything else would result in an
> exception being thrown, without the user being consulted. That's what we
> do now for many far more restrictive cases (XSLT comes to mind here, as
> do XMLHttpRequest, etc).
Sure, this would be totally reasonable.
> The problem is that given the likely restrictions UAs will have to place
> on the usage of this interface it may well be no more useful than
> existing interfaces... and possibly less useful.
Sorry, I totally disagree, this is still a very useful interface.
Not everything on the web is or should be HTTP. There are many
cases where you want long lived connections with Bi-directional
data.
Received on Thursday, 4 November 2004 11:58:41 UTC