On May 1, 2006, at 8:13 AM, Jim Ley wrote:


"Maciej Stachowiak" <[EMAIL PROTECTED]>
Anyway, comments welcome even though there are still a handful of pieces missing. Let me know especially if the text is hard to understand or appears to overconstrain implementations.

Looking good, but a few comments:

location.reload()  do we not want to list location.reload(true) too?

I think we do, I believe I raised an ISSUE on this.

| Should define which objects are replaced on a navigation and which aren't.
| Window is not replaced,

Not sure what this means, but in that Window is also the global script object, care needs to be taken.

Is DocumentWindow really necessary? It's a relatively new kid on the block, and redundant with Window.location.

Content depends on document.location as well as window.location.

| A normative requirement that UAs implement some security policy
| that is in line with some general principles of cross-site scripting security,
| with exemptions allowed for "trusted" content.

I don't think it should be a requirement that any particular security mechanism is required, it's perfectly reasonable to implement the object in a wholly trusted environment, and there's no reason to make them.

I haven't actually written the security section yet, these are just notes. However, for interoperability of content I think it is a good idea to set a minimum and maximum threshold for what the security policy can be. I agree that the definition shouldn't overconstrain implementations needlessly.

The other thing is some language to deal with clashes of names, you say you need a unique name, but currently there is no restriction on uniqueness of names.

For window.name you mean? Yeah, the collision resolution needs to be defined. My next task (once I fill in some of the missing details of Window) will be to redo the embedding section.

Regards,
Maciej


