On Mon, 20 Mar 2006 20:00:19 +0100, Jonas Sicking [EMAIL PROTECTED] wrote:
Here's a draft for a security section of the XHR spec. It's probably in
desperate need of editing from someone with more spec writing experience
then me, but it's a start.
That start has now been integrated
On Thu, 06 Apr 2006 11:51:17 +0200, Jim Ley [EMAIL PROTECTED] wrote:
I don't see why responseText MUST be null other than in readyState 3
or 4, why not undefined (e.g. if the firing of the 2 is delayed for
some reason then data could be available) Equally MUST on 3 is
incompatible with
On Tue, 28 Feb 2006 02:38:50 +0100, Jonas Sicking [EMAIL PROTECTED] wrote:
What we do is that we use window.document.baseURI, most likely for IE
compat wrt interaction with base.
It is worse if multiple documents are calling each other and there are
XMLHttpRequest objects involved. Then it
On Fri, 21 Apr 2006 15:58:27 +0200, Bjoern Hoehrmann [EMAIL PROTECTED]
wrote:
example) would contain a user name and password. I *assume* you're
referring to the userinfo production in RFC3986; e.g.,
http://user:[EMAIL PROTECTED]/path/?query
It may be better to use this terminology
On Wed, 26 Apr 2006 07:10:51 +0200, Karl Dubost [EMAIL PROTECTED] wrote:
The specification is here to set what is the correct behavior for the
technology. Certainly there will be problems of interoperability,
because of the history of the development. But I believe that a
complete Test
On Wed, 26 Apr 2006 16:22:49 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
This has been asked a couple of times before. At some point reset will
be defined and it will say that all members of the object are set to
their initial value (as if you create a new instance of the object yes,
I
Anne van Kesteren [EMAIL PROTECTED]
Currently some browsers have a whitelist and others have a blacklist and
the group has resolved to go for a whitelist containing all safe methods
that currently exist, unless the IETF comes up with good reasons not to.
I disagree with this decision, I do
On Sun, 14 May 2006, Anne van Kesteren wrote:
On Wed, 26 Apr 2006 16:22:49 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
This has been asked a couple of times before. At some point reset will
be defined and it will say that all members of the object are set to
their initial value (as if
On Sun, 14 May 2006, Anne van Kesteren wrote:
var request = new XMLHttpRequest();
Given that it doesn't have to be a request I think 'r' is saver or
perhaps just 'x'...
Please don't use single letter variable names for anything but loop index
variables (in languages that require
reponseText now reads:
If the codetermreadyState/term/code attribute has a value
other than 3 (Receiving) or 4 (Loaded), it MUST be the empty string.
Otherwise, it MUST be the fragment of the entity body received so
far (when codereadyState/code is 3 (Receiving)) or the entity
On Sun, 14 May 2006 13:59:34 +0200, Jim Ley [EMAIL PROTECTED] wrote:
There are currently some methods that can't be allowed for security
reasons and because such method smay be introduced in the future as
well allowing arbitrary method names does not seem like a good idea.
I think you need
On Sun, 14 May 2006 14:00:08 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
Currently it says:
When invoked, this method MUST cancel any network activity for which
the object is responsible and reset the object.
That's fine.
Ok!
--
Anne van Kesteren
http://annevankesteren.nl/
Anne van Kesteren [EMAIL PROTECTED]
On Sun, 14 May 2006 14:25:01 +0200, Jim Ley [EMAIL PROTECTED] wrote:
This is another difference that is not compatible with existing
implementations, why is the 3 not a SHOULD? to meet the goals of being
compatible with existing implementations.
Which is
On Mon, 20 Mar 2006 08:33:35 +0100, Jonas Sicking [EMAIL PROTECTED] wrote:
I tested what mozilla does when receiving a statuscode of 403.
We basically do the same as for a 200, except that xhr.status returns
403. The onreadystatechange handler fires as normal and both
xhr.responseXML and
On Sun, 14 May 2006 14:35:16 +0200, Jim Ley [EMAIL PROTECTED] wrote:
That was your personal opinion, and not a decision by the group...
currently I do not believe any of todays user agents could pass a test
suite of the XHR object, if that's the case then I think it's difficult
to claim
On Sun, 14 May 2006 14:05:57 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
var request = new XMLHttpRequest();
Given that it doesn't have to be a request I think 'r' is saver or
perhaps just 'x'...
Please don't use single letter variable names for anything but loop index
variables (in
Used text:
A more complete description of what can be done with
codeXMLHttpRequest/code can be found in the
abbr title=Interface Definition LanguageIDL/abbr below
and its associated details. The IDL is non-normative and does
not intend to conform to [OMGIDL]. Only the language
Anne van Kesteren [EMAIL PROTECTED]
During the F2F (again, minutes are not yet released) the group agreed upon
not having this reliable baseline approach as it didn't work out.
Aha, great! that makes a lot of stuff simpler! I'm happy with the MUST now
I hope that clarifies things and I
On Wed, 22 Mar 2006 15:45:21 +0100, Jim Ley [EMAIL PROTECTED] wrote:
Fair enough, here are the requirements for the name:
* short
* simple
Why are these requirements for the name, no other DOM names are short
and simple, they're clear and unambiguous, I'd say they were the
requirements.
Le 06-05-14 à 20:21, Anne van Kesteren a écrit :
On Wed, 26 Apr 2006 07:10:51 +0200, Karl Dubost [EMAIL PROTECTED] wrote:
The specification is here to set what is the correct behavior
for the technology. Certainly there will be problems of
interoperability, because of the history of the
* Anne van Kesteren wrote:
Internet Explorer removed support for illegal HTTP URLs such as the one
you've provided above because it has been abused too much in phishing
mails. For other schemes where this is perfectly valid, like ftp, it
works just fine in Internet Explorer.
What does IE
On Mon, 24 Apr 2006 21:15:36 +0200, Mark Baker [EMAIL PROTECTED] wrote:
On 4/22/06, Maciej Stachowiak [EMAIL PROTECTED] wrote:
Current implementations silently ignore the body in this case.
FWIW, I decided to test this. As it turns out, IE and Firefox on
WinXP pass bodies on all methods
On Sun, 14 May 2006, Anne van Kesteren wrote:
On Sun, 14 May 2006 14:05:57 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
var request = new XMLHttpRequest();
Given that it doesn't have to be a request I think 'r' is saver or
perhaps just 'x'...
Please don't use single letter
23 matches
Mail list logo