Re: [widgets] WARP default policy

2010-05-05 Thread Marcos Caceres
On Tue, May 4, 2010 at 7:29 PM, Scott Wilson scott.bradley.wil...@gmail.com wrote: I've just been reading through the WARP spec again, and in particular this stood out: In the default policy, a user agent must deny access to network resources external to the widget by default, whether this

Re: [widgets] API - openURL security considerations

2010-05-05 Thread Thomas Roessler
On 4 May 2010, at 14:10, Marcos Caceres wrote: Right. I have clarified this: [[ A user agent must not navigate the browsing context of a widget instance through the openURL() method: the concept of navigate is defined in [HTML5]. This restriction is imposed so an arbitrary web site cannot

Re: [widgets] WARP default policy

2010-05-05 Thread Robin Berjon
On May 4, 2010, at 19:29 , Scott Wilson wrote: I've just been reading through the WARP spec again, and in particular this stood out: In the default policy, a user agent must deny access to network resources external to the widget by default, whether this access is requested through APIs

how to use the access element?

2010-05-05 Thread 石梦军
Hi: I don't known how to use widget access request policy, is any examples for it, thanks. best my regards!

Re: Status of Selectors API Level 1 Candidate

2010-05-05 Thread Lachlan Hunt
+public-webapps, -team-webapps On 2010-05-04 18:23, Arthur Barstow wrote: The Selectors API Candidate says: [[ http://www.w3.org/TR/2009/CR-selectors-api-20091222/ There are several known implementations believed to be complete and interoperable (or on the point of being so) and the WebApps

Seeking implementation data for XBL2

2010-05-05 Thread Arthur Barstow
Hi André, All, Below, André asks for XBL2 implementation status. I think the last time this was discussed on public-webapps was June 2009 [1] (and a somewhat related thread in March 2010 on www-tag [2]). All - if you have some status information re XBL2 implementations, please do share

Re: Quick review of RDFa DOM API?

2010-05-05 Thread Arthur Barstow
Hi Manu, Thanks for your e-mail (and the succinct list of relevant questions). All - can anyone in the WebApps WG/Community commit to a quick high- level review of the RDFa DOM API draft? Manu - FYI, we've got a significant number of specs in progress [1] so I don't think you should block

Re: Quick review of RDFa DOM API?

2010-05-05 Thread Robin Berjon
Hi Manu, On May 1, 2010, at 08:03 , Manu Sporny wrote: This is a call to see if anyone from this WG can do a quick high-level review of the RDFa DOM API. We are planning a FPWD in a week or two and would like to see if what we have so far is a good start, makes sense to those unfamiliar with

DigSig feedback

2010-05-05 Thread Robin Berjon
Hi all, this is the official Vodafone feedback on the proposed rewriting of DigSig. The spec looks good to us. We don't have any objection to removing the requirement on the signer to order the signature files. Getting the validator to do it instead is fine and is probably preferable. Our

Re: [widgets] WARP default policy

2010-05-05 Thread Marcos Caceres
On Wed, May 5, 2010 at 11:40 AM, Robin Berjon ro...@berjon.com wrote: On May 4, 2010, at 19:29 , Scott Wilson wrote: I've just been reading through the WARP spec again, and in particular this stood out: In the default policy, a user agent must deny access to network resources external to

Re: [widgets] WARP default policy

2010-05-05 Thread Scott Wilson
On 5 May 2010, at 10:40, Robin Berjon wrote: On May 4, 2010, at 19:29 , Scott Wilson wrote: I've just been reading through the WARP spec again, and in particular this stood out: In the default policy, a user agent must deny access to network resources external to the widget by default,

Re: [widgets] WARP default policy

2010-05-05 Thread Marcos Caceres
On Wed, May 5, 2010 at 3:59 PM, Scott Wilson scott.bradley.wil...@gmail.com wrote: On 5 May 2010, at 10:40, Robin Berjon wrote: On May 4, 2010, at 19:29 , Scott Wilson wrote: I've just been reading through the WARP spec again, and in particular this stood out: In the default policy, a user

Re: Seeking implementation data for XBL2

2010-05-05 Thread Tab Atkins Jr.
On Wed, May 5, 2010 at 5:10 AM, Arthur Barstow art.bars...@nokia.com wrote: Hi André, All, Below, André asks for XBL2 implementation status. I think the last time this was discussed on public-webapps was June 2009 [1] (and a somewhat related thread in March 2010 on www-tag [2]). All - if

Re: DigSig feedback

2010-05-05 Thread Arthur Barstow
On May 5, 2010, at 9:40 AM, ext Robin Berjon wrote: Our only other comment on the specification is related to the new requirement for the validator to support C14N11: A validator MUST support [C14N11] to process a ds:Reference that specifies [C14N11] as a canonicalization method. If we

Pre-LC Review Requested: System Information API

2010-05-05 Thread Robin Berjon
Hi all, as part of its work the DAP WG has been developing a System Information API. The abstract describes it thus: This specification defines an API to provide Web applications with access to various properties of the system which they are running on. Specifically, properties pertaining to

Re: how to use the access element?

2010-05-05 Thread Marcos Caceres
2010/5/5 石梦军 talking1...@126.com: Hi:    I don't known how to use  widget access request policy, is any examples for it, thanks. We have a few: http://dev.w3.org/2006/waf/widgets-access/#usage-example -- Marcos Caceres Opera Software ASA, http://www.opera.com/ http://datadriven.com.au

Minor DigSig feedback

2010-05-05 Thread Andreas Kuehne
Hi all, just a minor comment found by build a test case : Section7.1. Common Constraints for Signature Generation and Validation 1. [...] 2. [...] 3. For each ds:Reference element: 1. The URI attribute MUST be a zip relative path

Re: Status of Selectors API Level 1 Candidate

2010-05-05 Thread Thomas Broyer
On Wed, May 5, 2010 at 4:28 PM, Tab Atkins Jr. jackalm...@gmail.com wrote: On Wed, May 5, 2010 at 4:56 AM, Lachlan Hunt lachlan.h...@lachy.id.au wrote: I have not been able to test IE9 because I don't have access to Windows Vista or 7.  I would appreciate it if anyone who has a copy of the last

Re: Pre-LC Review Requested: System Information API

2010-05-05 Thread Jonas Sicking
First of all, I should note that I don't expect that mozilla will implement this spec anytime soon, if at all. The user value / privacy risk ratio is simply too low. If we do implement it, we would have to agressively deny all requests until the user had taken the first step and actively asked to

Re: Seeking implementation data for XBL2

2010-05-05 Thread Jonas Sicking
On Wed, May 5, 2010 at 7:31 AM, Tab Atkins Jr. jackalm...@gmail.com wrote: On Wed, May 5, 2010 at 5:10 AM, Arthur Barstow art.bars...@nokia.com wrote: Hi André, All, Below, André asks for XBL2 implementation status. I think the last time this was discussed on public-webapps was June 2009 [1]

Re: Pre-LC Review Requested: System Information API

2010-05-05 Thread Jonas Sicking
Oh, I should add the usual disclaimer:

Re: [IndexedDB] Interaction between transactions and objects that allow multiple operations

2010-05-05 Thread Jeremy Orlow
On Wed, May 5, 2010 at 7:02 PM, Shawn Wilsher sdwi...@mozilla.com wrote: On 5/4/2010 7:17 PM, Pablo Castro wrote: c) require an explicit transaction always, along the lines Nikunj's original proposal had it. We would move most methods from database to transaction (except a few properties

Re: [IndexedDB] Interaction between transactions and objects that allow multiple operations

2010-05-05 Thread Shawn Wilsher
On 5/5/2010 11:44 AM, Jeremy Orlow wrote: On the other hand, a lot of even the most basic tasks probably should be done within a transaction. But if the easiest way to do something is to just run it outside of a transaction, I'm guessing a good portion of users (including tutorial websites,

Re: [IndexedDB] Interaction between transactions and objects that allow multiple operations

2010-05-05 Thread Jeremy Orlow
On Wed, May 5, 2010 at 8:56 PM, Shawn Wilsher sdwi...@mozilla.com wrote: On 5/5/2010 11:44 AM, Jeremy Orlow wrote: On the other hand, a lot of even the most basic tasks probably should be done within a transaction. But if the easiest way to do something is to just run it outside of a

Re: [IndexedDB] Interaction between transactions and objects that allow multiple operations

2010-05-05 Thread Shawn Wilsher
On 5/5/2010 1:09 PM, Jeremy Orlow wrote: I'd also worry that if creating the transaction were completely transparent to the user that they might not think to close it either. (I'm mainly thinking about copy-and-paste coders here.) I should have been more clear. That statement goes along with

Re: Client side JavaScript i18n API

2010-05-05 Thread Nebojša Ćirić
Hi, we've updated the API proposal (at http://docs.google.com/Doc?id=dhttrq5v_0c8k5vkdh). We've covered most of the comments related to other APIs, including CommonJS. Could you take another look? (you can leave comments in the document or post them back to this thread) Regards, Nebojsa