Maciej Stachowiak wrote on 2/9/2010 4:13 AM:
HTTPbis should address this threat in the security considerations
section, and should strongly consider making it a MUST-level
requirement for servers to check that the Host header is a host they
serve. If HTTP had that requirement and all servers
On Feb 3, 2010, at 20:54, Drew Wilson wrote:
Following up on breaking out createHTMLNotification() and
createNotification() vs combining them into one large API - I believe the
intent is that a given user agent may not support all types of notifications
(for example, a mobile phone
Last week the XML Security WG published LCWDs of two specs the Widget
Digital Signature CR [Widget-DigSig] references:
XML Signature Properties
http://www.w3.org/TR/2010/WD-xmldsig-properties-20100204/
XML Signature Syntax and Processing Version 1.1
Apologies in advance for this week and next.
Thanks,
David.
-Original Message-
From: public-webapps-requ...@w3.org
[mailto:public-webapps-requ...@w3.org] On Behalf Of Arthur Barstow
Sent: 10 February 2010 13:30
To: public-webapps
Subject: [widgets] Draft Agenda for 11 February 2010
Dear Mr. Barstow,
As indicated in the mails about MPEG-U, I would like to request that the WG
discusses the MPEG liaison regarding widgets. Could you add it to the agenda ?
Best Regards,
Cyril Concolato
Le 10/02/2010 14:29, Arthur Barstow a écrit :
Below is the draft agenda for the 11
Following up to an email from Feb 2009:
Julian Reschke wrote:
Following up to a mail from May 2008:
Julian Reschke wrote:
Sunava Dutta wrote:
...
At this point, I'm not sure why we're bothering with XHR1 at all. It is
*not* what the current implementations do anyway.
[Sunava Dutta] I'm
On Wed, 10 Feb 2010 16:49:18 +0100, Julian Reschke julian.resc...@gmx.de
wrote:
Remind me: what's the purpose of the W3C working on an XHR spec if even
well-documented bugs like this do not get fixed by implementers?
That it is clear this is in fact a bug and needs to be fixed. (I believe
Art,
My regrets, but due to conflicts I will be unable to attend this VC, or next
week's (assuming one is scheduled).
S
On 10 Feb 2010, at 13:29, Arthur Barstow wrote:
Below is the draft agenda for the 11 February Widgets Voice Conference (VC).
Inputs and discussion before the VC on all
On Wed, Feb 10, 2010 at 2:17 AM, Henri Sivonen hsivo...@iki.fi wrote:
On Feb 3, 2010, at 20:54, Drew Wilson wrote:
Following up on breaking out createHTMLNotification() and
createNotification() vs combining them into one large API - I believe the
intent is that a given user agent may not
We ran into this issue when mapping our own browser notifications to
platform notification APIs. For ambient notifications, you can't rely on the
user being able to click on the notification, because the notification might
time out and disappear on its own before the user has had a chance to
On Wed, Feb 10, 2010 at 2:17 AM, Henri Sivonen hsivo...@iki.fi wrote:
On Feb 3, 2010, at 20:54, Drew Wilson wrote:
Following up on breaking out createHTMLNotification() and
createNotification() vs combining them into one large API - I believe the
intent is that a given user agent may not
On Thu, Feb 11, 2010 at 11:10 AM, Robert O'Callahan rob...@ocallahan.orgwrote:
We ran into this issue when mapping our own browser notifications to
platform notification APIs. For ambient notifications, you can't rely on the
user being able to click on the notification, because the
On Thu, Feb 11, 2010 at 11:10 AM, Drew Wilson atwil...@google.com wrote:
One of the suggestions made previously on this thread was to coalesce
createNotification() and createHTMLNotification() into a single API with an
optional HTML parameter - this would allow UAs on systems with
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan rob...@ocallahan.orgwrote:
On Thu, Feb 11, 2010 at 11:10 AM, Drew Wilson atwil...@google.com wrote:
One of the suggestions made previously on this thread was to coalesce
createNotification() and createHTMLNotification() into a single API with
On Tue, Feb 9, 2010 at 2:50 PM, Maciej Stachowiak m...@apple.com wrote:
A sever can generally determine the domain name of the host it is running on
from the operating system, if it wants to run with zero configuration. That
is apparently what Apache does:
On Wed, Feb 10, 2010 at 3:03 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan rob...@ocallahan.org
wrote:
On Thu, Feb 11, 2010 at 11:10 AM, Drew Wilson atwil...@google.com wrote:
One of the suggestions made previously on this thread was to
On Thu, Feb 11, 2010 at 12:03 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan
rob...@ocallahan.orgwrote:
I think a better way to go would be to support a restricted subset of
HTML, and then consider how the UA should extract text for a
On Wed, Feb 10, 2010 at 3:31 PM, Robert O'Callahan rob...@ocallahan.orgwrote:
On Thu, Feb 11, 2010 at 12:03 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan
rob...@ocallahan.orgwrote:
I think a better way to go would be to support a restricted
Aryeh Gregor wrote on 2/10/2010 3:21 PM:
On Wed, Feb 10, 2010 at 4:37 AM, Bil Corry b...@corry.biz wrote:
Another threat is an attacker crafting a malicious payload in the Host
header, hoping that it gets logged then viewed via a web browser.
That's just straight XSS.
I left it open-ended
On Wed, Feb 10, 2010 at 4:59 PM, Marcos Caceres marc...@opera.com wrote:
I'm sooo totally for that. I want nothing more than to have more
engagement and input from you guys. Our URI spec is in last call and so
is
the access request spec. The specs are really small. Please find a few
hours
On Feb 8, 2010, at 4:25 AM, Doug Schepers wrote:
Hi, Folks-
As you know, we will be up for rechartering on 30 June 2010.
However, we have a few new deliverables, and we've been specifically
advised that though they are arguably in scope, it would be better
transparency if e.g.
On Wed, Feb 10, 2010 at 3:22 PM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Feb 10, 2010 at 3:03 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan rob...@ocallahan.org
wrote:
On Thu, Feb 11, 2010 at 11:10 AM, Drew Wilson
On Feb 11, 2010, at 2:10 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Feb 10, 2010 at 4:59 PM, Marcos Caceres marc...@opera.com
wrote:
I'm sooo totally for that. I want nothing more than to have
more
engagement and input from you guys. Our URI spec is in last
call and so
is
the
On Wed, Feb 10, 2010 at 5:21 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 3:22 PM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Feb 10, 2010 at 3:03 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 2:33 PM, Robert O'Callahan
On Wed, Feb 10, 2010 at 5:42 PM, Marcos Caceres marc...@opera.com wrote:
On Feb 11, 2010, at 2:10 AM, Jonas Sicking jo...@sicking.cc wrote:
On Wed, Feb 10, 2010 at 4:59 PM, Marcos Caceres marc...@opera.com wrote:
I'm sooo totally for that. I want nothing more than to have more
On Wed, Feb 10, 2010 at 5:49 PM, Jonas Sicking jo...@sicking.cc wrote:
And I think the answer is yes. Any time someone talks about an
optional web feature I get nervous. Can you give any examples of
successful optional web features that exist today?
I'd suggest Javascript and Images, but
Hi, Maciej-
Thanks for the feedback.
Maciej Stachowiak wrote (on 2/10/10 8:10 PM):
Some comments:
- I would like to suggest the name Web Messaging for the postMessage /
MessageChannel deliverable.
Done.
- I think the Other Specifications section should be clear on the
right process for
Hi, Folks-
Scott Wilson wrote (on 2/9/10 10:32 AM):
There are a couple of additional areas it would be useful to consider
for future work in the Widgets space, specifically:
- inter-widget communication (both single-user and multi-user, e.g.
collaboration)
- social web APIs for widgets (e.g.
On Wed, 10 Feb 2010 00:39:45 +0100, Eric Westenberger
eric.westenber...@googlemail.com wrote:
sorry, I am not able to follow this explanation.To which binding are you
refering?
See the bits about Web IDL. Specifically the getter keyword specified on
the SQLResultSetRowList interface.
I
On Wed, Feb 10, 2010 at 6:29 PM, Drew Wilson atwil...@google.com wrote:
On Wed, Feb 10, 2010 at 5:49 PM, Jonas Sicking jo...@sicking.cc wrote:
And I think the answer is yes. Any time someone talks about an
optional web feature I get nervous. Can you give any examples of
successful optional
On Thu, 11 Feb 2010 05:40:04 +0100, Doug Schepers schep...@w3.org wrote:
Hi, Folks-
Scott Wilson wrote (on 2/9/10 10:32 AM):
There are a couple of additional areas it would be useful to consider
for future work in the Widgets space, specifically:
- inter-widget communication (both
On 11 Feb 2010, at 08:37, Arve Bersvendsen wrote:
- inter-widget communication (both single-user and multi-user, e.g.
collaboration)
I find this item to be interesting and worth taking on, but I think we ought
to also evaluate it in a wider context than widgets.
+1
If this particular use
32 matches
Mail list logo