[whatwg] [WF2] form submission protocols and methods
jim.ley at gmail.com
Tue Dec 20 01:39:22 PST 2005
On 12/20/05, Maciej Stachowiak <mjs at apple.com> wrote:
>> Um, they shouldn't be able to. Or at least, in many UAs they can't.
> Do you know of UAs that will prevent a file: URL document from
> loading another file: URL in a frame or iframe? Or apply any
> restrictions to scripting access to the resulting document. I don't
> know of any that will.
Well other than Internet Explorer 6 on XP service pack 2 of course?
Although there are of course still ways of doing it.
> I don't think reading /dev/mouse will specifically do anything bad,
> but I see your point. For file: in file: inclusion I think it would
> be wise to exclude certain system paths such as /dev and /etc. I
> think this may be done already.
This shouldn't be specified in the specifcation, what is safe to be
included can only be known to the user agent as it's wholly specific
to the platform and configuration of the platform.
More information about the whatwg