On 10.12.2010 01:46, Tab Atkins Jr. wrote:
...
Indeed. You shouldn't be able to trigger POSTs from involuntary
actions. They should always require some sort of user input, because
there is simply *far* too much naive code out there that is vulnerable
to CSRF.
...
Thanks, Tab.
It's sad that
On Thu, Dec 9, 2010 at 6:59 PM, Martin Janecke whatwg@kaor.in wrote:
What is your opinion on enabling the HTTP POST method for the img
element? The motivation behind this is that there are services which
generate images automatically based on parameters given -- nowadays
provided as query
On Fri, 10 Dec 2010 01:43:27 +0100, Kevin Carle kca...@google.com wrote:
The use case under discussion is changing to another video. So the
element
is already inserted and already has src.
Something like:
video controls autoplay
source src=video1.webm type=video/webm
source src=video1.mp4
On Fri, 10 Dec 2010 03:26:14 +0100, Adam Barth w...@adambarth.com wrote:
On Thu, Dec 9, 2010 at 4:46 PM, Tab Atkins Jr. jackalm...@gmail.com
wrote:
Why wouldn't form method=post
action=/logoutbuttonLogout/button/form work, with some CSS to
make it look like a link if you wanted that?
It's
Am 09.12.2010 um 20:04 schrieb Ashley Sheridan:
[...] If
images are called with POST data, then that would prevent them being
cached, which can be done with GET as GET isn't meant to change any
state on the server, meaning potentially a lot more traffic [...]
As I understand
Am 08.12.2010, 23:09 Uhr, schrieb Aryeh Gregor simetrical+...@gmail.com:
On Wed, Dec 8, 2010 at 2:47 PM, Alex Komoroske komoro...@chromium.org
wrote:
=visibilitychanged=
A simple event, fired at the document object immediately after
document.visibility transitions between visibility states.
Am 09.12.2010 um 20:41 schrieb Philipp Serafin:
[...] though this would
also present serious security vulnerabilities, especially in forum pages.
There are quite a number of older web forums that sanitize their HTML
using black lists and would not strip new attributes like post-data.
For
Martin Janecke whatwg@kaor.in schrieb am Thu, 9 Dec 2010 19:59:02
+0100:
What is your opinion on enabling the HTTP POST method for the img
element? The motivation behind this is that there are services which
generate images automatically based on parameters given -- nowadays
provided as
On Fri, 10 Sep 2010, Biju wrote:
Matthew Gregan wrote in
https://bugzilla.mozilla.org/show_bug.cgi?id=571822 :
Firefox fires the timeupdate event once per frame. Safari 5 and Chrome
6 fire every 250ms. Opera 10.50 fires every 200ms.
Now in firefox bug 571822 they are changing Firefox
On Mon, 18 Oct 2010, Chris Pearce wrote:
In the description of the media ready states for HAVE_ENOUGH_DATA [1],
the spec says:
| If the autoplaying flag is true, and the paused attribute is true, and
| the media element has an autoplay attribute specified, and the media
| element is in a
On Fri, Dec 10, 2010 at 1:14 PM, Dennis Joachimsthaler den...@efjot.de wrote:
Maybe we can disallow the visibilitychange event to produce any dialogs
or anything else that could give focus?
window.onvisibilitychange = function(e) {
setTimeout(function() {
alert(Worked around!);
}, 0);
How does HTML 5 relate to ECMAScript, and how does conformance with
ECMA262 affect conformance with HTML 5?
On Sat, 11 Dec 2010, Bjartur Thorlacius wrote:
How does HTML 5 relate to ECMAScript
HTML and JavaScript are both actively-maintained Web technologies.
how does conformance with ECMA262 affect conformance with HTML 5?
It doesn't particularly.
HTH,
--
Ian Hickson U+1047E
13 matches
Mail list logo