All,
Two EU-funded projects have implemented the draft W3C Widgets
specifications, both the packaging and API parts.
What is notable from these projects have been the adaptations used to
enable widgets conforming to the draft to be used in a web environment
rather than in a dedicated
On Thu, Jan 8, 2009 at 7:51 PM, Arthur Barstow art.bars...@nokia.com wrote:
JS: there is a protocol for helping sort out a chain if something is
missing
... Gecko has some new suport for this
it's indeed AIA - Authority Information Access
Maciej Stachowiak wrote on 1/15/2009 12:47 AM:
So one thing to keep in mind is that any POST-based form would not be
vulnerable to this kind of attack unless the victim site actually
submits a form to an untrusted site. There is no way for a GET request
to be redirected to a POST, and it
Hi Rigo.
Rigo Wenning:
it is not clear to me what you are exactly asking for. The Apache XML
commons files now contain the right text in
http://svn.apache.org/repos/asf/xml/commons/trunk/java/external/
Yes, Michael Glavassevich updated the text there just recently, but I
pointed out to him
On Jan 15, 2009, at 7:24 AM, Bil Corry wrote:
Maciej Stachowiak wrote on 1/15/2009 12:47 AM:
So one thing to keep in mind is that any POST-based form would not be
vulnerable to this kind of attack unless the victim site actually
submits a form to an untrusted site. There is no way for a GET
Hixie said the position I expressed was a little unclear, so I'd like
to clarify briefly:
1) FACT: The HTML5 version of the CSRF-defense header (currently
called 'XXX-Origin' as a temporary measure) is specified not to be
sent for GET requests.
1.a) FACT: As a result, it does not
