W3C home > Mailing lists > Public > www-tag@w3.org > September 2015

Re: Same Origin Policy - Re: Agenda: <keygen> being destroyed when we need it

From: Alex Russell <slightlyoff@google.com>
Date: Mon, 14 Sep 2015 07:11:32 -0700
Message-ID: <CANr5HFUWRZY+CwNwQqof0F6vyBK5BqDg2zscjQvv-+nt+qMrXw@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: Henry Story <henry.story@co-operating.systems>, Wendy Seltzer <wseltzer@w3.org>, "www-tag@w3.org List" <www-tag@w3.org>, Carvalho Melvin <melvincarvalho@gmail.com>, Tim Berners-Lee <timbl@w3.org>
On Mon, Sep 14, 2015 at 6:59 AM, Kingsley Idehen <kidehen@openlinksw.com>

> On 9/12/15 1:54 PM, Alex Russell wrote:
> > But that's all indulgent thinking. JavaScript is a core part of the
> > web stack today. We live in a world where it exists. We cannot pretend
> > it doesn't.
> Anyone should still be able to use the Web modulo Javascript.

We agree! I'm a massive supporter of the Progressive Enhancement approach
to app/site construction.

> Javascript is simply a popular programming language, supported by
> browsers. It isn't core Web Technology, as far as I understand what
> constitutes core Web Technology:
> 1. URIs
> 2. HTTP
> 3. HTML -- this doesn't make Javascript core Web technology (IMHO).

While this formulation might be useful in some circumstances, it doesn't
really clarify anything here. The security model of the web is about what
the full set of commonly supported tech (together) can accomplish and is
about setting limits on that behavior. For the same reason that CSS needs
to be factored into security/privacy considerations, so does JavaScript.

Received on Monday, 14 September 2015 14:12:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:12 UTC