Please state the purpose of <feature>. (That it's for authorizing
features that don't participate in the Web-oriented browser security
model.)
Please include a corresponding UA requirement to obtain authorization
from the user for the features imported with <feature>. (It seems that
the security aspect requires an authorization and doesn't make sense
if the dangerous feature are simply imported silently.) As far as I
can tell, the spec doesn't currently explain what the UA is supposed
to do with the 'feature list' once built.
--
Henri Sivonen
hsivo...@iki.fi
http://hsivonen.iki.fi/