Jonas Sicking: > My gut reaction is to leave this out from the spec and not let WebIDL > specify security aspects.
Agreed. It’d be fine even for other specs (HTML5?) to define their own security-related extended attributes to avoid writing prose that defines when SECURITY_ERRs get thrown, but I don’t think the place to define such an extended attribute is in Web IDL itself. -- Cameron McCormack ≝ http://mcc.id.au/
