On 18/04/2006 18:14, Ian Hickson wrote:
I'm not sure that's simpler, but more importantly, I would suggest that is
out of scope for this specification. You may be interested in work that
Gervase Markham has been doing on this topic:
http://www.gerv.net/security/content-restrictions/
...as well as discussions of a <sandbox> element in the WHATWG list, e.g.:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
Those are interesting ideas but my proposal is specifically to limit the
scope of which 3rd party hosts can be accessed by the XHR object. Why is
that out of scope?
Ian