Kevin Reid wrote: > On Jul 9, 2009, at 20:08, [email protected] wrote: >> Reviewers: ihab.awad, >> >> Description: >> cajole_html uses a unique PluginEnvironment >> that allows limited filesystem references, >> but barfs on most uses of #fragments. >> >> this change relaxes the restriction on #fragments. >> so now <a href="#foo"> is allowed, >> and if href="foo.html" is allowed, >> then href="foo.html#bar" is also allowed. > > Don't some webapps use fragments interpreted by JavaScript as > commands/internal hyperlinks?
Such as Waterken server apps, to give a concrete example. (OTOH, for the Waterken server the capability in the fragment is supposed to only be known by subjects that have the authority to access it; it would be a little strange for a PluginEnvironment to make access decisions based on this capability.) -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
