the advantage of consistency with the POST behaviour, but that
behaviour is an unpleasant legacy hack which encourages a
misunderstanding of HTML-escaping that promotes XSS vulns. I would not
like to see it spread any further than it already has.
cheers,
--
And Clover
mailto:a...@doxdesk.com
http
and tempts them into using submitted strings directly without
HTML-escaping, resulting in security holes. Its use should be minimised
wherever possible.
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
gtalk:chat?jid=bobi...@gmail.com
more
issues by adding more features that aren't completely necessary now.
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com
gtalk:chat?jid=bobi...@gmail.com
, and the clock time,
which might get changed.
--
And Clover
mailto:a...@doxdesk.com http://www.doxdesk.com
skype:uknrbobince gtalk:chat?jid=bobi...@gmail.com
behaviour has caused many vulnerabilities, as
even well-known sniffing behaviour continues to do (see the current
publicised difficulties with CSS-inclusion attacks). Lack of sniffing
behaviour, however, has never caused a vulnerability. It fails safe.
--
And Clover
mailto:a...@doxdesk.com
with.
(*: or, the traditional reason for sniffing, `text/plain`, due to Apache
inappropriately sending this type for unknown files by default, bug
13986. That doesn't seem to apply here.)
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
(escape(s))`,
but this trick isn't obvious or well-known.)
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
could do nothing for JavaScript, CSS or other nested
string context.
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
without having to
copy to a new Array. However this would still leave the method of
calling them a little ugly.
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
manner,
but . and [] aren't the only way to access properties. (eg.
document.links.hasOwnProperty('0').)
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
On 05/14/2010 11:51 AM, Alexandre Thiel wrote:
can you ask the user to select a file to import from his filesystem
that can be processed with javascript or directly transferred to the
localStorage while being offline?
Yes. See http://www.w3.org/TR/file-upload/
--
And Clover
mailto:a
a reasonable requirement for browsers in future?
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
UTF-16-bytes to
characters, though no such process has actually taken place.
Consequently when you serialise a document parsed from a string in DOM
Level 3 LS you get an unexpected and unwanted UTF-16 document.
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
require no standards work and would be of general utility for
all existing file downloads (I'd certainly be happy to shed a few clicks
from the ZIP download-open-extract-delete shuffle).
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
a long
time ago.)
--
And Clover
mailto:a...@doxdesk.com
http://www.doxdesk.com/
/jquery-1.2.3.js;
contenthash=sha1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
link rel=stylesheet type=text/css
src=http://www.sharedscripts.com/nice-4.5.6.css;
contenthash=sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33
--
And Clover
mailto:a...@doxdesk.com
http