Julian Reschke wrote:
On Sat, 27 Oct 2007, Julian Reschke wrote:
We're long past that. It's trivial for a page to trigger a POST without the user knowing.
I consider that a bug in User Agents.

This is not a widely held opinion.

Well, it's what RFC2616 says. I would argue that if the HTML WG thinks there is a problem in what RFC2616 has to say about how to use unsafe methods, it should bring this to the attention of the newly formed HTTP WG.

True, whenever our spec conflicts with some other group's spec,
it creates a dependency; we're obliged to get review from that
other group and see whether they think what we're doing is

The chairs are supposed to keep track of all such dependencies;
the current HTML 5 draft seems to have a long of them. I have
some notes at http://www.w3.org/html/wg/il16#coord ; I'm thinking
about how to migrate it to tracker.

While the cost of getting review is a consideration, it's
far from a compelling argument. Sometimes the right answer
involves changing more than just the HTML spec.

Meanwhile, there's also the charter to keep track of; when we go
outside the bounds of what our original call for participation
said, we need to update that call for participation by
having the W3C membership review the charter change.

Stay tuned for more on managing the edge of our scope
later this week, in email and/or in the meeting...

Dan Connolly, W3C http://www.w3.org/People/Connolly/

Reply via email to