I propose that for the open() method we throw a SYNTAX_ERR when the first argument does not match the token production of RFC 2616 and a (not yet defined) SECURITY_ERR when the method is not allowed for security reasons. Depending on whether we go for a blacklist or whitelist we can also have a NOT_SUPPORTED_ERR I suppose.
For the user and password and perhaps the uri argument something similar has to be done I guess.
-- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
