- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 27 Sep 2008 00:52:24 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: HTML WG <public-html@w3.org>
On Fri, 26 Sep 2008, Boris Zbarsky wrote:
> Ian Hickson wrote:
> > Wouldn't the "null" value that has to be passed in such cases be enough to
> > detect those cases?
>
> Possibly. I'll be honest; what largely prompted this is that people
> started trying to add all sorts of just-slightly-different origin
> stringification methods to Gecko code, and any time I see that sort of
> thing happening with security code it gives me the "someone will change
> one of these functions and forget to change others" willies.
>
> Which is why ideally there would only be one function involved,
> period.... That's hard enough already with the Unicode vs ASCII thing in
> the spec, but all the _different_ special-casing of the non-host case
> makes it a lot worse.

My understanding is that the specs now have just two functions (one for ASCII and one for Unicode). Is this not the case? I certainly agree that we should keep the variants to an absolute minimum.

> > I agree that would be a possible benefit.
>
> Fundamentally, by the way, that's what Access-Control seems to rely
> on...

How so?

> > It seems, though I could of course be wrong, that exposing internals
> > is a bigger disadvantage than the benefit gained.
>
> If we care, we could probably even standardize a form for the globally
> unique identifier (say something like "html5-unique-origin:" followed by
> a reasonable GUID serialization).

The benefits would have to be really great to start introducing new standard syntax, IMHO. I'm a little concerned that we're putting the cart before the horse here -- we need to prove a need before we solve it.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Saturday, 27 September 2008 00:53:01 UTC