Ian Hickson wrote:
On Wed, 18 Jun 2008, Zhenbin Xu wrote:
[Zhenbin Xu] Regardless what different browser does today, rich parsing
error is an important feature for developers. I have found it can
pinpoint the exact problem that otherwise would have been difficult to
identify when I sent
timeless wrote:
generally what i've seen is that exposing some information about a
parse error to a script is a great way to enable data leaks to a
malicious application.
On Thu, Jun 19, 2008 at 11:19 AM, Julian Reschke [EMAIL PROTECTED] wrote:
Could you please provide some more information
On Thu, 19 Jun 2008 11:42:57 +0200, Ian Hickson [EMAIL PROTECTED] wrote:
On Thu, 19 Jun 2008, Jonas Sicking wrote:
This has one side-effect, which is that it doesn't work well with XBL
or VBWG in environments where the XBL file (or VXML file) is
customised to the user but accessed cross-site.
Doug Schepers wrote:
And that causes problems like
http://mozilla.pettay.fi/moztests/pixelscrolling.mov
Can you provide some context for what is going on in that video? What
is the problem that illustrates? Does it relate to the scrolling vs.
zooming of the map?
The problem is that
Julian Reschke wrote:
timeless wrote:
On Thu, Jun 19, 2008 at 1:09 PM, Julian Reschke
[EMAIL PROTECTED] wrote:
Can you provide an example where providing *XML* parse error information
within *XHR* would be problematic?
i really shouldn't have to. imagine a document that is not CSS and is
Julian Reschke wrote:
Could you please provide some more information or give an example about
when this would be the case?
Here's a simple past example, if I understand your question correctly.
One can set an onerror handler on Window that will trigger if an exception is
thrown and not
-Original Message-
From: Julian Reschke [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2008 12:13 AM
To: Ian Hickson
Cc: Zhenbin Xu; Jonas Sicking; Anne van Kesteren; Sunava Dutta; IE8
Core AJAX SWAT Team; public-webapps@w3.org
Subject: Re: responseXML/responseText exceptions
Maciej Stachowiak wrote:
On Jun 14, 2008, at 4:23 AM, Jonas Sicking wrote:
I must say though, this is starting to sound complex and I am not
totally convinced of the need to make servers opt in to getting
cookies. Is it really a likely mistake that someone would take
affirmative steps
-Original Message-
From: Jonas Sicking [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2008 1:24 AM
To: Zhenbin Xu
Cc: Anne van Kesteren; Sunava Dutta; IE8 Core AJAX SWAT Team; public-
[EMAIL PROTECTED]
Subject: Re: responseXML/responseText exceptions and parseError
Zhenbin Xu
Zhenbin Xu wrote:
[Zhenbin Xu] Regardless what different browser does today, rich
parsing
error is an important feature for developers. I have found it can
pinpoint
the exact problem that otherwise would have been difficult to
identify when
I sent incorrectly constructed XML file.
And
Ian Hickson wrote:
On Thu, 19 Jun 2008, Jonas Sicking wrote:
And it's useful for pages that contain private information only when
cookies are sent, but when no cookies are sent they only provide public
information. I've given two examples of this in other threads:
1. A news site serving
I think we are now off track.
Nonetheless we should realize that customer cannot
write an interoperable page with my fictional home grown browser if it doesn't
exist
or doesn't have the needed feature when the page was written. I doubt customers
would write against particular browser if equal
Maciej Stachowiak wrote:
On Jun 14, 2008, at 4:23 AM, Jonas Sicking wrote:
...snip...
I mean, I guess
it's possible people will do this, but people could add
Access-Control-Allow-Credentials site-wide too. And if we add
Access-Control-Allow-Credentials-I-Really-Mean-It,
On Thu, 19 Jun 2008, Jonas Sicking wrote:
This only helps with servers that have same-domain pages that accept
cookies, but have no cross-domain pages that accept cookies, ever
(since if any of the cross-domain pages accept cookies, then our
initial assumption -- that the site
On Jun 19, 2008, at 1:48 PM, Jonas Sicking wrote:
Maciej Stachowiak wrote:
After reviewing your comments, I am much more inclined to favor
Microsoft's proposal on this: rename the relevant headers. I think
you argued that this doesn't scale, but I think only two headers
have to be
Zhenbin Xu wrote:
Sorry I accidently deleted part of reply. Inline...
-Original Message-
From: Jonas Sicking [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2008 2:17 PM
To: Zhenbin Xu
Cc: Anne van Kesteren; Sunava Dutta; IE8 Core AJAX SWAT Team; public-
[EMAIL PROTECTED]
Subject:
Maciej Stachowiak wrote:
On Jun 19, 2008, at 1:48 PM, Jonas Sicking wrote:
Maciej Stachowiak wrote:
After reviewing your comments, I am much more inclined to favor
Microsoft's proposal on this: rename the relevant headers. I think
you argued that this doesn't scale, but I think only two
Ian Hickson wrote:
On Thu, 19 Jun 2008, Jonas Sicking wrote:
This only helps with servers that have same-domain pages that accept
cookies, but have no cross-domain pages that accept cookies, ever
(since if any of the cross-domain pages accept cookies, then our
initial assumption -- that the
On Thu, 19 Jun 2008, Jonas Sicking wrote:
The site is as always responsible for asking the user before allowing
third-party access to private data, and yes, if they fail to do so
properly they will be vulnerable.
So I guess I don't really understand what your proposal solves, then. It
Ian Hickson wrote:
On Thu, 19 Jun 2008, Jonas Sicking wrote:
The site is as always responsible for asking the user before allowing
third-party access to private data, and yes, if they fail to do so
properly they will be vulnerable.
So I guess I don't really understand what your proposal
Ian Hickson wrote:
On Thu, 19 Jun 2008, Jonas Sicking wrote:
So I guess I don't really understand what your proposal solves, then.
It seems like a lot of complexity for only a very minimal gain in only
one very specific scenario (the site doesn't ever return cookie-based
data cross-site).
-Original Message-
From: Jonas Sicking [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2008 7:22 PM
To: Zhenbin Xu
Cc: Sunava Dutta; Ian Hickson; public-webapps@w3.org; IE8 Core AJAX
SWAT Team
Subject: Re: New: Tracking Issues in XHR that we raisedRE: Was:
Further LC Followup
Hi Marc,
On Thu, Jun 19, 2008 at 6:05 AM, Marc Silbey
[EMAIL PROTECTED] wrote:
Hey Marcos,
I totally understand why you would be frustrated by our behavior here.
I owe you, Anne, Art and the rest of the WAF group an apology for falling off
the radar without telling you where I was going. I
23 matches
Mail list logo