On 2012-02-18 14:45, Sven Neuhaus wrote:
...
Stop here. That's not what the fragment identifier is for.
Instead, you could specify the hash as a separate attribute on the
containing element.
The relevant section from RFC 3986 reads:
The fragment identifier component of a URI allows
On 2/17/12 1:35 AM, Anne van Kesteren wrote:
Our proposal takes its cues and algorithms from the postMessage API,
and allows the source site to restrict drop targets to only those
origins which it trusts, and allows drop targets to see which origin
was the source of a drag. The majority of the
The security problems with drag-and-drop are significantly more
pronounced than just the banking scenario you are describing. Because
the drag-and-drop action is very similar to other types of legitimate
interaction (e.g., the use of scrollbars), many practical
content-stealing attacks have been
This proposal sounds reasonable.
On Fri, Feb 17, 2012 at 1:35 AM, Anne van Kesteren ann...@opera.com wrote:
Names are chosen to be compatible with those used by HTML5 Web Messaging.
dataTransfer.origin
Returns a DOMString consisting of the protocol, domain and optional port,
of
the
On Sun, Feb 19, 2012 at 2:28 PM, Charles Pritchard ch...@jumis.com wrote:
On 2/17/12 1:35 AM, Anne van Kesteren wrote:
Our proposal takes its cues and algorithms from the postMessage API, and
allows the source site to restrict drop targets to only those origins which
it trusts, and allows
On 2/19/2012 4:28 PM, Adam Barth wrote:
On Sun, Feb 19, 2012 at 2:28 PM, Charles Pritchardch...@jumis.com wrote:
On 2/17/12 1:35 AM, Anne van Kesteren wrote:
Our proposal takes its cues and algorithms from the postMessage API, and
allows the source site to restrict drop targets to only those
On 16/02/12 5:03 PM, Justin Lebar wrote:
On Wed, Feb 15, 2012 at 5:31 PM, Ian Hicksoni...@hixie.ch wrote:
On Wed, 15 Feb 2012, Justin Lebar wrote:
- It sets the document's current address to .../page.html#foo.
Well, this is pretty bad. document.location is the document's current
address