On 22/05/07, Kristof Zelechovski <[EMAIL PROTECTED]> wrote:
And besides, the bookmarklet uses the javascript protocol, which, IIRC, is designed to produce a new document on the fly, not to modify the current one. I do not think that a bookmarklet should be permitted to access the document that is being displayed in the browser.
I don't like "javascript:" referred to as a protocol. The first part of a URI is called a scheme which normally refers to a transfer protocol in the case of URLs. Javascript is not a protocol, not even a pseudo one. However, I'm quite comfortable with having "javascript:" as a private naming scheme. It clearly addresses the script engine. I don't know why the javascript URI was designed, but I don't think javascript URIs necessarily need to load new documents, because normal URIs don't have to, a URI of "#top" is relative to the current document. I don't think it's a good idea to write a bookmarklet for password management. Most browsers already offer that feature. It would be a shame to disallow bookmarklets DOM access, you can do so many useful things (like rewind certain BBC radio shows on Listen Again). I think it would be more appropriate to allow denial of script access to password fields, which some browsers do already. I'm more against allowing "javascript:" URIs in the HTML source, they should only be allowed via JS DOM operations to reinforce progressive enhancement practice. -- Lee
