On Mon, Oct 12, 2009 at 8:24 PM, Mark S. Miller wrote:
> Most obviously, CORS proposes ACLs, with comma separated origins
> (following an Origin: header) to be used by servers to determine
> whether to grant read/PUT/DELETE access to cross-origin resources.
The CORS spec doesn't require servers t
On Aug 31, 2009, at 11:07 AM, Nikunj R. Mehta wrote:
>
> In WebDatabase:
>
> The user agent may raise a SECURITY_ERR exception instead of returning a
> Database object if the request violates a policy decision (e.g. if the
> user agent is configured to not allow the page to open databases).
>
>
On Sun, Oct 11, 2009 at 11:36 PM, Anne van Kesteren wrote:
> The concern seems to be mostly about CORS being an access control system.
Yes.
> I'm not entirely sure that is justified (though the headers are indeed
> confusingly named, mea culpa). All CORS does is allowing cross-origin
> resource
Simon Pieters put together a draft of a "Web DOM Core" spec
some time ago but currently lacks the cycles to serve as the
primary owner/editor for it going forward.
http://simon.html5.org/specs/web-dom-core
To get an idea of the intended scope of the document, see the
current set of interface de
On Oct 12, 2009, at 9:37 AM, Xiaomei Ji wrote:
For a use case that pinpoint a word from a page, the context
information needed besides word might be the language that the word
is in.
And yes, as you said, if the hit node is needed, elementFromPoint
should do.
Hit testing isn't cheap -
On Oct 12, 2009, at 1:08 AM, Anne van Kesteren wrote:
On Fri, 09 Oct 2009 19:04:52 +0200, Xiaomei Ji
wrote:
Maybe I should propose Document.wordFromPoint() which directly
returns the word under the mouse (and handles both the DOM node and
non-DOM form control nodes).
It hides the inform
>
>>>2. If file has a file-extension, attempt to match the file-extension
>>>to one in the file extensions column in the file identification table.
>>>If there is a match, then return the media type value. (returns
>>>"image/jpeg")
> I think file-extension would not be matched, but only base-name.
For a use case that pinpoint a word from a page, the context information
needed besides word might be the language that the word is in.And yes, as
you said, if the hit node is needed, elementFromPoint should do.
Thanks,
Xiaomei
On Mon, Oct 12, 2009 at 1:08 AM, Anne van Kesteren wrote:
> On Fri
On 10/12/09 11:58 AM, Anne van Kesteren wrote:
If you do something as simple as
application/xhtml+xml;charset=utf-8
it will be corrected so it should be fine.
Oh, I see. So you made it so charset is never _added_ if the
content-type is set, but will be corrected if present?
However, it i
On Mon, 12 Oct 2009 17:51:45 +0200, Boris Zbarsky wrote:
On 10/12/09 5:06 AM, Anne van Kesteren wrote:
FWIW, this is what I've done now. It gives authors a reasonable level of
control over the Content-Type header, it does make sure an incorrect
charset parameter is fixed, and includes a charset
On 10/12/09 5:06 AM, Anne van Kesteren wrote:
FWIW, this is what I've done now. It gives authors a reasonable level of
control over the Content-Type header, it does make sure an incorrect
charset parameter is fixed, and includes a charset parameter and MIME
type if the author did not include a Co
On Oct 12, 2009, at 7:04 AM, Maciej Stachowiak wrote:
On Oct 9, 2009, at 4:36 PM, Mark S. Miller wrote:
The last of the links above should make the application to CORS
concrete. See also the dismissive replies which followed in that
thread. If you find these dismissals plausible, please ima
Robin Berjon wrote:
Hey Marcos,
On Oct 9, 2009, at 16:07 , Marcos Caceres wrote:
On Fri, Oct 9, 2009 at 3:42 PM, Robin Berjon wrote:
On Oct 9, 2009, at 13:33 , Marcos Caceres wrote:
For simplicity, keeping a two-dimensional lookup of media type ×
locales folder makes the implementation eas
On Oct 9, 2009, at 4:36 PM, Mark S. Miller wrote:
The last of the links above should make the application to CORS
concrete. See also the dismissive replies which followed in that
thread. If you find these dismissals plausible, please imagine back to
the world in which CSRF was first diagnosed
On Mon, 12 Oct 2009 14:50:07 +0200, Jonathan Rees
wrote:
If access to resources weren't controlled (i.e. secure in the face of
realistic risks), why would you deploy the feature?
The feature is there to enable resources talking to each other in
cross-origin fashion in a way that does not co
Hey Marcos,
On Oct 9, 2009, at 16:07 , Marcos Caceres wrote:
On Fri, Oct 9, 2009 at 3:42 PM, Robin Berjon wrote:
On Oct 9, 2009, at 13:33 , Marcos Caceres wrote:
For simplicity, keeping a two-dimensional lookup of media type ×
locales folder makes the implementation easiest and yields the lea
On Mon, Oct 12, 2009 at 2:36 AM, Anne van Kesteren wrote:
> On Sat, 10 Oct 2009 01:36:50 +0200, Mark S. Miller
> wrote:
>>
>> The last of the links above should make the application to CORS
>> concrete. See also the dismissive replies which followed in that
>> thread. If you find these dismissals
On Oct 12, 2009, at 3:46 AM, Maciej Stachowiak wrote:
On Sep 19, 2008, at 7:44 AM, Boris Zbarsky wrote:
Michael(tm) Smith wrote:
It's intended in part to be a way to keep all our law-abiding
citizen readers in the general public informed about what progress
if any the group is making on th
On Sep 19, 2008, at 7:44 AM, Boris Zbarsky wrote:
Michael(tm) Smith wrote:
It's intended in part to be a way to keep all our law-abiding
citizen readers in the general public informed about what progress
if any the group is making on the spec.
But if the information is months out of date, i
On Mon, Oct 12, 2009 at 1:29 PM, Anne van Kesteren wrote:
> On Mon, 23 Jun 2008 01:22:20 +0200, Yaroslav wrote:
>>
>> In the current spec
>> (http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/) I do not see
>> the possibility to POST application/x-www-form-urlencoded data with
>> charset other
On Mon, 23 Jun 2008 01:22:20 +0200, Yaroslav wrote:
In the current spec
(http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/) I do not see
the possibility to POST application/x-www-form-urlencoded data with
charset other than UTF-8. I think this is limiting factor, which
should be avoided. UTF
On Sat, 10 Oct 2009 04:45:00 +0200, Boris Zbarsky wrote:
Specifically, if the application does:
setRequestHeader("content-type", "foo/bar")
or some such you'll leave it alone.
I honestly don't care all that much, all things considered.
FWIW, this is what I've done now. It gives authors a r
On Fri, 09 Oct 2009 19:04:52 +0200, Xiaomei Ji wrote:
Maybe I should propose Document.wordFromPoint() which directly returns
the word under the mouse (and handles both the DOM node and non-DOM form
control nodes).
It hides the information about the node and should be a useful API.
Don't y
23 matches
Mail list logo