Re: [whatwg] cross-domain scrollIntoView on frames and iframes

Peter Kasting wrote, On 05/04/2009 0.54: On Sat, Apr 4, 2009 at 12:56 PM, timeless wrote: sounds like a security nightmare. Can you be less vague? We've had a number of security people vet this already, so specific complaints would be very helpful. PK It would make clickjacking at

Re: [whatwg] How long should sessionStorage data persist?

On Fri, Apr 3, 2009 at 5:29 PM, Ian Hickson wrote: > On Fri, 3 Apr 2009, Darin Fisher wrote: > > > > In Chrome we also create a new browsing context when the user types a new > > URL into the location bar of an existing tab. > > So a user can't hit the back button after typing in a URL? The use

Re: [whatwg] cross-domain scrollIntoView on frames and iframes

On Sat, Apr 4, 2009 at 12:56 PM, timeless wrote: > sounds like a security nightmare. Can you be less vague? We've had a number of security people vet this already, so specific complaints would be very helpful. PK

Re: [whatwg] cross-domain scrollIntoView on frames and iframes

sounds like a security nightmare. we already have people complaining about reframing and spoofing and things.

Re: [whatwg] How long should sessionStorage data persist?

On , Jeremy Orlow wrote: > I think this also applies: "NOTE: The lifetime of a browsing context can be > unrelated to the lifetime of the actual user agent process itself, as the > user agent may support resuming sessions after a restart." Should that restore sessionStorage data ? Aren't you mak

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

It seems that getting the element name is not covered at all, it is a core interface, so definitions in the HTML specification do not apply. Chris

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

On Sat, 04 Apr 2009 10:06:55 +0200, Kristof Zelechovski wrote: I suppose that converting a string to uppercase is an action relevant only to cases where only ASCII character set is allowed in the argument, such as HTML element names. Within this restricted application domain, converting t

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

Well again it depends if you read the spec with an ASCII point of view or a Unicode point of view If I read carefully the spec, it is explicitly said that [[ 3.3.3.8 Embedding custom non-visible data A custom data attribute is an attribute whose name starts with the string "data-", has at least

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

An attribute named data-K is allowed.

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

Sorry, I don't see the answer to my question here ! On Sat, Apr 4, 2009 at 10:54 AM, Kristof Zelechovski wrote: > data-* attributes allow XML name characters and they are converted to > lower case in HTML (ASCII, AIUI). > > BTW, editorial correction for > 3.3.3.8

Re: [whatwg] Worker feedback

On Sat, Apr 4, 2009 at 11:17 AM, Jeremy Orlow wrote: > True serializability would imply that the HTTP request read and write are > atomic. In other words, you'd have to keep a lock for the entirety of each > HTTP request and couldn't do multiple in parallel. When I said there's no > way to guar

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

data-* attributes allow XML name characters and they are converted to lower case in HTML (ASCII, AIUI). BTW, editorial correction for 3.3.3.8 : should be "its name contains no characters in th

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

Well that could be a good answer indeed Now let's try to dig into the subtilties on Unicode For example what does the spec says about an attribute whose name is data-K (where we have this unicode sequence U+0064 U+0061 U+0074 U+0061 U+002D U+212A ) ? Is it allowed ? If not why ? That's why I th

Re: [whatwg] Fwd: Remarks on HTML5 (ASCII / Unicode)

I suppose that converting a string to uppercase is an action relevant only to cases where only ASCII character set is allowed in the argument, such as HTML element names. Within this restricted application domain, converting to uppercase has the same effect as converting to uppercase ASCII. IMHO,