On Tue, Apr 7, 2009 at 3:57 PM, Jonas Sicking <jo...@sicking.cc> wrote: > My point is that having two APIs that are identical and intended to be > used for basically the same thing, except for that they use different > security models, is a security bug waiting to happen.
So you do of course realize that this is exactly what the WG is currently proposing, right? Browser version X will have an XHR with one security model and browser version X+1 will have an identical XHR API with a different security model. --Tyler