Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Alexey Feldgendler
On Thu, 16 Mar 2006 21:55:33 +0600, Hallvord R M Steen <[EMAIL PROTECTED]> wrote: Yes, getElementById is already defined to deal with duplicate IDs by returning null, in DOM Level 3 Core [1]. This should be changed, it will break sites. I'm not sure that the present behavior of the browse

Re: [whatwg] JSONRequest

2006-03-16 Thread Gervase Markham
Hallvord R M Steen wrote: > You are right, if no variables are created one can't see the data by > loading it in a SCRIPT tag. Are you aware of intranets/CMSes that use > this as a security mechanism? That's not actually right. I'm pretty sure this came across a public security list, so... You c

Re: [whatwg] [html5] tags, elements and generated DOM

2006-03-16 Thread Henri Sivonen
On Feb 25, 2006, at 01:06, Ian Hickson wrote: On Thu, 7 Apr 2005, Henri Sivonen wrote: I am very hostile towards the idea of requiring UAs to implement any XML parsing features that are in the realm of the XML 1.0 spec but that the XML 1.0 spec does not require. This means processing the

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Mihai Sucan
On Thu, 16 Mar 2006 17:18:54 +0200, Mihai Sucan <[EMAIL PROTECTED]> wrote: <...> Yet getElementById is defined as [2]: Returns the Element that has an ID attribute with the given value. If no such element exists, this returns null. If more than one element has an ID attribute with that

Re: [whatwg] JSONRequest

2006-03-16 Thread Jim Ley
On 3/16/06, Hallvord R M Steen <[EMAIL PROTECTED]> wrote: > > > If you today embed data on an > > > intranet in JavaScript I can create a page that loads that script in a > > > SCRIPT tag and steal the data. > > > > Could you please describe how exactly? the contents of remote script > > elements

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Mihai Sucan
On Thu, 16 Mar 2006 17:55:33 +0200, Hallvord R M Steen <[EMAIL PROTECTED]> wrote: Yes, getElementById is already defined to deal with duplicate IDs by returning null, in DOM Level 3 Core [1]. This should be changed, it will break sites. True. Can it be changed? I believe not, since it's

Re: [whatwg] On "validation"

2006-03-16 Thread Henri Sivonen
On Mar 16, 2006, at 18:46, Henri Sivonen wrote: Note: XML DTDs cannot express all the conformance requirement of this specification. Therefore, a validating the XML processor and a DTD cannot constitute a conformance checker. Also, since the two authoring formats defined in this specificati

[whatwg] On "validation"

2006-03-16 Thread Henri Sivonen
From the spec: The term "validation" specifically refers to a subset of conformance checking that only verifies that a document complies with the requirements given by an SGML or XML DTD. Conformance checkers that only perform validation are non-conforming, as there are many conformanc

Re: [whatwg] JSONRequest

2006-03-16 Thread Hallvord R M Steen
> > If you today embed data on an > > intranet in JavaScript I can create a page that loads that script in a > > SCRIPT tag and steal the data. > > Could you please describe how exactly? the contents of remote script > elements are not typically available (and if they are it's a large > security h

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Hallvord R M Steen
> Yes, getElementById is already defined to deal with duplicate IDs by > returning null, in DOM Level 3 Core [1]. This should be changed, it will break sites. > Yet, the implementations (major User Agents: Opera, Gecko, Konqueror and > IE) are the problem, actually. These do not return null, they

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Mihai Sucan
On Thu, 16 Mar 2006 16:17:25 +0200, Lachlan Hunt <[EMAIL PROTECTED]> wrote: I don't. getElementById is already defined and implemented to deal with duplicate IDs, there's no need to redefine it in a way that isn't backwards compatible with existing sites. Yes, getElementById is already

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Mihai Sucan
On Thu, 16 Mar 2006 14:47:24 +0200, Alexey Feldgendler <[EMAIL PROTECTED]> wrote: On Thu, 16 Mar 2006 18:33:30 +0600, Mihai Sucan <[EMAIL PROTECTED]> wrote: <...> Therefore, it's clear nothing has to be changed in quirks mode, but in standards mode: 1. break during parsing. 2. brea

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Lachlan Hunt
Alexey Feldgendler wrote: I think enforcing ID uniqueness in standards mode would be good, but that would still probably break (very?) few pages. Those web authors should have to "live with it", because they want standards-compliant sites. I'm not speaking about enforcing ID uniqueness at the

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Alexey Feldgendler
On Thu, 16 Mar 2006 18:33:30 +0600, Mihai Sucan <[EMAIL PROTECTED]> wrote: A DOMDocument interface has to be exposed to the contained scripts anyway, why not also make it accessible from the outside? Yes, but I'm afraid it's a technical challenge to implementors. I don't believe it's a t

Re: [whatwg] JSONRequest

2006-03-16 Thread Jim Ley
On 3/16/06, Hallvord R M Steen <[EMAIL PROTECTED]> wrote: > On 3/11/06, Jim Ley <[EMAIL PROTECTED]> wrote: > > > Accessing JSON resources on a local intranet which are > > secured by nothing more than the requesting IP address. > > While this is a valid concern I think the conclusion "no *new* > se

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Mihai Sucan
On Thu, 16 Mar 2006 13:45:54 +0200, Alexey Feldgendler <[EMAIL PROTECTED]> wrote: <...> A DOMDocument interface has to be exposed to the contained scripts anyway, why not also make it accessible from the outside? Yes, but I'm afraid it's a technical challenge to implementors. Their brow

Re: [whatwg] Internal character encoding declaration

2006-03-16 Thread Ivan Sagalaev
Peter Karlsson wrote: Transcoding is very popular, especially in Russia. Ahem... I wouldn't say it is. Only most, shall we say, conservative hosters still insist on these archaic setups and refuse to understand that trying to stick everything into windows-1251 is long unneeded. But overall

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Alexey Feldgendler
On Wed, 15 Mar 2006 19:26:03 +0600, Mihai Sucan <[EMAIL PROTECTED]> wrote: Sandboxes are quite special things, so we'll need a DOMSandbox anyway. But instead of adding things like getElementById() to the DOMSandbox interface, I tend to make the "fake document" which is visible from inside

Re: [whatwg] Internal character encoding declaration

2006-03-16 Thread Peter Karlsson
Henri Sivonen on 2006-03-16: Right. So, as a data point, it neither proves nor disproves the legends about transcoding *proxies* around Russia and Japan. The only transcoding proxies I know about are WAP gateways. They tend to do interesting things with input, especially when the source doesn

Re: [whatwg] Internal character encoding declaration

2006-03-16 Thread Henri Sivonen
On Mar 14, 2006, at 15:07, Peter Karlsson wrote: Henri Sivonen on 2006-03-14: Transcoding is very popular, especially in Russia. In *proxies* *today*? What's the point considering that browsers have supported the Cyrillic encoding soup *and* UTF-8 for years? The mod_charset is not proxyin

Re: [whatwg] The problem of duplicate ID as a security issue

2006-03-16 Thread Alexey Feldgendler
On Wed, 15 Mar 2006 16:10:08 +0600, Ric Hardacre <[EMAIL PROTECTED]> wrote: Sandboxes are quite special things, so we'll need a DOMSandbox anyway. But instead of adding things like getElementById() to the DOMSandbox interface, I tend to make the "fake document" which is visible from insi

[whatwg] Built Firefox, time to get cracking

2006-03-16 Thread Ric Hardacre
Title says it all really, only took me a few days of trying, heh. There's little to no chance that anything I do stick in will make it into the trunk (esp as I'm only building FX not seamonkey) but it should all be good clean fun anyway, what does anyone think I should toy with first? quite tem