On Sat, Jun 21, 2008 at 6:51 PM, Bjoern Hoehrmann [EMAIL PROTECTED] wrote:
The stated goal was to balance easy protection against session riding
attacks without compromising privacy too much. Allowing session riding
via some sites but not others is something that cannot be done securely
today
Bjoern Hoehrmann wrote:
* Jonas Sicking wrote:
It makes no sense to me to for HTTP say that the total number of bytes
should include HTTP headers. It would be similar to including the TCP
headers in the IP packets IMHO.
There is a big difference here, an application might not have
Bjoern Hoehrmann wrote:
* Jonas Sicking wrote:
First off, as before, when I talk about cookies in this mail I really
mean cookies + digest auth headers + any other headers that carry the
users credentials to a site.
I don't quite see why you would mix these. Is there anywhere where I can
On Sun, 22 Jun 2008 00:18:45 +0200, Bjoern Hoehrmann [EMAIL PROTECTED]
wrote:
Anne's proposed solution is not valid either, except when applied to
DOM Core, rescinding EntityReference nodes alltogether, as the issue is
about how to implement this interface if you do have EntityReference
nodes
On Sat, Jun 21, 2008 at 4:34 PM, Bjoern Hoehrmann [EMAIL PROTECTED] wrote:
Unfortunately no, but so far it's the best we've got available to us.
It's always possible to fill in any gaps from other's personal IRC logs;
it's quite simple for Krijn to insert them if someone sends them to him.
Many
Hi!
In the current spec
(http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/) I do not see
the possibility to POST application/x-www-form-urlencoded data with
charset other than UTF-8. I think this is limiting factor, which
should be avoided. UTF-8 is good versatile encoding but it is not
