Anne van Kesteren wrote:
On Thu, 10 Jul 2008 01:13:52 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
Anne van Kesteren wrote:
This is exactly how postMessage() works and it seems nice to align
with that.
I am very strongly against this syntax as it gives a false sense of
security. To the point where I don't think I'd be willing to implement
it in firefox. The fact that postMessage allows this sounds very
unfortunate and something that I will look into fixing in that spec.
Let me know how that works out. postMessage() is shipping already in
various implementations...
I will keep you updated.
Until then I very strongly feel we need to change the parsing rules to
refer to rfcs 3986 and 3490 the way the previous draft did.
Additionally, the way the spec was written before we could create a
conformat implementation now without having to worry about HTML5
changing things under us.
Well, in the end we want all those concepts implemented in the same
way everywhere, right? So I'm not sure how this matters.
So why not let HTML5 refer to Access-Control?
I don't really see how that would work.
Access-Control can define how to parse the 'origin' part of the URI and
HTML5 can refer to that. Or they can both refer to the same RFCs.
/ Jonas
