On Mon, 02 Jun 2014 11:32:45 +0200, Anne van Kesteren ann...@annevk.nl
wrote:
How big of a problem is it that we're making link as dangerous as
script? HTML imports can point to any origin which then will be able
to execute scripts with the authority of same-origin.
I still think it is a
Hi Piotr, All,
This is a reminder the W3C's Patent Policy has a goal of assuring W3C
Recommendations can be implemented Royalty-Free and this requires all
spec contributions include a commitment to that policy. This topic was
last discussed in September 2013 and I encourage all Contributors
On 2 June 2014 00:08, Domenic Denicola dome...@domenicdenicola.com wrote:
Presumably RedirectResponse being a subtype would also be acceptable, as
its .prototype.constructor would be RedirectResponse?
Yeah, although I'm not sure there's a need to override any functionality
here, so not sure
From: Jake Archibald [mailto:jaffathec...@gmail.com]
Agreed. So Response.redirect(url, status)?
LGTM
Ugh, I meant Request for a lot of that:
I'd like to add similar-style factories to *Request* which set header
mode defaults
Request.image(url);
Request.font(url);
etc. Don't need these for the first pass though.
On 3 June 2014 14:01, Jake Archibald jaffathec...@gmail.com wrote:
On 2 June
On 6/2/14 11:28 AM, Arun Ranganathan wrote:
On Jun 1, 2014, at 1:22 PM, Julian Ladbury
julian.ladb...@berrick-computing.co.uk
mailto:julian.ladb...@berrick-computing.co.uk wrote:
I fail to understand why work on this API has been suspended.
Just to be clear, by “this API” I think you
On June 2, 2014 at 4:52:41 PM, Alex Russell (slightly...@google.com) wrote:
The Chrome team is excited about this direction and is collaborating
on the manifest format in order to help make aspects of this real.
In particular we're excited to see a Service Worker entry added
to the
Arthur Arun,
Thank you for your help and clarification. I can calm down now!
Yes, to be clear, by this API I did mean:
http://dev.w3.org/2009/dap/file-system/file-writer.html
Julian
-Original Message-
From: Arthur Barstow [mailto:art.bars...@gmail.com]
Sent: 03 June 2014 15:06
To: Arun
On 02/06/2014 15:08 , Boris Zbarsky wrote:
On 6/2/14, 9:02 AM, James M Snell wrote:
I suppose that If you
needed the ability to sandbox them further, just wrap them inside a
sandboxed iframe.
The worry here is sites that currently have html filters for
user-provided content that don't know
On Thu, May 29, 2014 at 4:58 PM, Marcos mar...@marcosc.com wrote:
I would change them to:
enum RequestMode { same-origin, cors, cors-tainted, cors-preflight };
cors-preflight does not really express the same thing. cors might
have preflights too. But maybe I should hide the difference between
On Tue, Jun 3, 2014 at 3:04 PM, Domenic Denicola
dome...@domenicdenicola.com wrote:
Agreed. So Response.redirect(url, status)?
LGTM
Done.
--
http://annevankesteren.nl/
On Sun, Jun 1, 2014 at 8:06 AM, Domenic Denicola
dome...@domenicdenicola.com wrote:
- HeaderMap should have a constructor that takes an iterable of [key, value]
pairs, in the same way Map does.
Yeah, waiting for IDL hooks that would work here ;-)
- I like HeaderMap a lot, but for
On 3 June 2014 16:50, Anne van Kesteren ann...@annevk.nl wrote:
On Sun, Jun 1, 2014 at 8:06 AM, Domenic Denicola
dome...@domenicdenicola.com wrote:
- I like HeaderMap a lot, but for construction purposes, I wonder if a
shorthand for the usual case could be provided. E.g. it would be nice to
A clarification to make sure people in same page:
On Mon, Jun 2, 2014 at 5:54 AM, James M Snell jasn...@gmail.com wrote:
So long as they're handled with the same policy and restrictions as the
script tag, it shouldn't be any worse.
HTML Imports are a bit more strict. They see CORS header and
On 6/3/14, 12:48 PM, Hajime Morrita wrote:
HTML Imports are a bit more strict. They see CORS header and decline if
there is none for cross origin imports.
Also, requests for imports don't send any credentials to other origins.
These two measures prevent attacks on other origins via imports.
On Tue, Jun 3, 2014 at 9:59 AM, Boris Zbarsky bzbar...@mit.edu wrote:
On 6/3/14, 12:48 PM, Hajime Morrita wrote:
HTML Imports are a bit more strict. They see CORS header and decline if
there is none for cross origin imports.
Also, requests for imports don't send any credentials to other
On Tue, Jun 3, 2014 at 9:38 AM, Jake Archibald jaffathec...@gmail.com wrote:
On 3 June 2014 16:50, Anne van Kesteren ann...@annevk.nl wrote:
On Sun, Jun 1, 2014 at 8:06 AM, Domenic Denicola
dome...@domenicdenicola.com wrote:
- I like HeaderMap a lot, but for construction purposes, I wonder
All,
This is a Request for Comments for the June 3 Encoding specification
that WebApps was asked to review:
http://www.w3.org/TR/2014/WD-encoding-20140603/
Individual WG members are encouraged to provide individual feedback.
If anyone in WebApps wants to propose an official group
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25969
Bug ID: 25969
Summary: [XHR] Does process response body get processed even
if the XHR is abort()-ed in readystatechange?
Product: WebAppsWG
Version: unspecified
19 matches
Mail list logo