On Thu, 15 May 2008, Julian Reschke wrote:
> Ian Hickson wrote:
> > ...
> > Incidentally, I think I would recommend removing the blacklist from AC,
> > since AC has a whitelist. Having both seems pointless.
> > ...
>
> You mean disallowing all headers except a known list??? Nope.
>
> Again, that would mean profiling HTTP, and make it impossible to deploy new
> stuff.

It's what XHR2+AC already requires, I'm just suggesting simplifying the
prose of AC to remove the redundant blacklist (since it doesn't have any
testable black-box effect).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'