On Sat, 22 Sep 2007 05:28:13 +0200, Maciej Stachowiak <[EMAIL PROTECTED]>
wrote:
On Sep 21, 2007, at 3:34 AM, Anne van Kesteren wrote:
I think HTML5 needs to define this as my understanding is that
document.domain is also relevant in deciding whether or not a request
is same-origin. I'm not sure if that's happening soon though.
I don't think document.domain would apply when determining same origin
for XMLHttpRequest.
Thanks Boris, Jonas and Maciej for your replies.
http://dev.w3.org/2006/webapi/XMLHttpRequest/Overview.html#same-origin
defines same-origin for two URIs and is used in
http://dev.w3.org/2006/webapi/XMLHttpRequest/Overview.html#open
It would be nice to get some implementation feedback on what to do about
data:, javascript: etc.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
