FYI: https://bugs.webkit.org/show_bug.cgi?id=26143
On Tue, Jun 2, 2009 at 12:45 AM, Jeremy Orlow <jor...@chromium.org> wrote: > On Mon, Jun 1, 2009 at 11:30 PM, Adam Barth <aba...@webkit.org> wrote: > >> On Mon, Jun 1, 2009 at 8:29 PM, Jeremy Orlow <jor...@chromium.org> wrote: >> > If this is the only issue, the parsing code could work around it. There >> are >> > 3 parts to the identifier: the protocol (should never have a _ in it, >> > right?), the domain, and the port (once again, should never have a _). >> It >> > seems as though the parsing code should look for the first _, the last >> _, >> > and then assume everything in the middle is the domain. >> >> I don't know of any reason why a scheme can't have a _... If you'd >> like to change the parsing code to understand domains with a _ this >> way, I think that would be an improvement. >> >> > Doesn't seem like a top priority, but maybe it's worth filing a low >> priority >> > bug for it anyway. Although they are 2 somewhat distinct use cases and >> I >> > see the possibility for misuse and bad assumptions, I'm not terribly >> worried >> > about it. >> >> I think HTML 5 has notions of "origin" and "effective script origin" >> (or some such) that separate these two concepts. It might be worth >> syncing up our internal names with the spec to make these concepts >> more accessible to future developers. > > > Agreed. Most of the new features use the simpler same origin policy which > compares only the protocol, port, and domain. The effective script origin > and the security around cookies are the more complex parts. I believe > there's a fairly clean split between the two parts in the source code. I'll > file a bug tomorrow regarding this opportunity for cleanup. > > J >
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev