- From: David Orchard <orchard@pacificspirit.com>
- Date: Wed, 3 Jun 2009 11:29:34 -0700
- To: Technical Architecture Group WG <www-tag@w3.org>
I saw some discussion from that TAG minutes about cross-site scripting and GET's perhaps becoming viewed as unsafe. While not quite the example of the GET resulting in POST, our mobile web based apps are never performing POST because of cross-site scripting restrictions so we use GET for all operations. As I've mentioned before, this pains me. The interesting problems is that our mobile application is a browser based app using phonegap. phonegap allows us to do cross platform mobile development using web technologies. The application is a bundle of phonegap + all our code. We can access all the device specific information, such as location using an api. This is no different from native code. Thus the browser sandbox, specifically cross-site, is completely inappropriate for an app that uses an embedded browser. Yet we have to deal with it so it's all GET. There's some irony that doing cross platform web based development using html, javascript, etc. requires breaking one of the crucial foundations of Web Arch. Cheers, Dave
Received on Wednesday, 3 June 2009 18:30:07 UTC