[whatwg] password option for window.prompt?
Lee Kowalkowski
lee.kowalkowski at googlemail.com
Tue May 22 08:38:28 PDT 2007
On 22/05/07, Kristof Zelechovski <giecrilj at stegny.2a.pl> wrote:
> And besides, the bookmarklet uses the javascript protocol, which, IIRC, is
> designed to produce a new document on the fly, not to modify the current
> one.
> I do not think that a bookmarklet should be permitted to access the
> document that is being displayed in the browser.
I don't like "javascript:" referred to as a protocol. The first part
of a URI is called a scheme which normally refers to a transfer
protocol in the case of URLs. Javascript is not a protocol, not even
a pseudo one.
However, I'm quite comfortable with having "javascript:" as a private
naming scheme. It clearly addresses the script engine.
I don't know why the javascript URI was designed, but I don't think
javascript URIs necessarily need to load new documents, because normal
URIs don't have to, a URI of "#top" is relative to the current
document.
I don't think it's a good idea to write a bookmarklet for password
management. Most browsers already offer that feature.
It would be a shame to disallow bookmarklets DOM access, you can do so
many useful things (like rewind certain BBC radio shows on Listen
Again). I think it would be more appropriate to allow denial of
script access to password fields, which some browsers do already.
I'm more against allowing "javascript:" URIs in the HTML source, they
should only be allowed via JS DOM operations to reinforce progressive
enhancement practice.
--
Lee
More information about the whatwg
mailing list