- From: L. David Baron <dbaron@dbaron.org>
- Date: Tue, 15 Jan 2008 14:38:51 -0800
- To: www-tag@w3.org
On Tuesday 2008-01-15 17:09 -0500, noah_mendelsohn@us.ibm.com wrote: > 1) Based on his personal knowledge of the needs of the "user tracking" > community, Roy speculates that the proposed ping attribute will not be > widely used for its intended purpose, and thus is a bad idea. The relevant questions are really: (1) how much tracking currently done using redirects and/or script would be converted to <a ping>? (an improvement) (2) how much additional tracking would be done? (worse?) (3) what are the relative magnitudes of the improvement of switching from redirects and/or script to <a ping> vs the worsening of doing more tracking? > 2) He notes that while some particular resources may indeed interpret > empty body posts in the intended manner, others may not. If we understand > him correctly, Roy is suggesting that a malicious (or negligent) author > of Web pages with ping attributes could "trick" a user into causing such > a POST to be sent to a resource that would interpret it in ways that were > destructive. Does this introduce anything that form.submit() can't already do? > 3) He suggests that if a ping attribute is to exist, user agents must > distinguish for users actions that will cause pings to be sent from > actions that won't. I.e., an ordinary hyperlink access is "safe" in the > sense we discuss in Web architecture; the ping is not safe and could have > consequences, including unintended consequences as in (2) above, so "the > UI for a user action that is safe (a link) must be rendered differently > from all other actions that might be unsafe." Considering that script can already do lots of things when a user clicks a link (including send pings), having such user interface already requires solving the halting problem. While some implementations may want to provide additional user interface, I don't think the TAG has the necessary experience in user-interface design. > Members of the TAG believe that the ping attribute as proposed in HTML5 > may have a deep impact on the architecture of the Web itself. Accordingly, That seems rather dramatic for something that makes something that adds a declarative markup mechanism for something that's already quite common on the Web, thus making it a little easier to do and giving it a slightly better user experience. That said, the way privacy issues were dismissed rather than clearly explained when there was first significant press around <a ping> may mean it's DOA anyway, because the significant negative coverage it already received may make implementors hesitant to touch it or turn on support by default. -David -- L. David Baron http://dbaron.org/ Mozilla Corporation http://www.mozilla.com/
Received on Tuesday, 15 January 2008 22:39:01 UTC