w3c at adambarth.com
Thu Feb 10 10:38:54 PST 2011
On Thu, Feb 10, 2011 at 6:29 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 2/10/11 4:36 AM, Adam Barth wrote:
>> Apologies for not reading the whole thread before replying, but the
>> design Darin describes below has worked well in WebKit thus far. I'd
>> risk of introducing security vulnerabilities into the engine.
> but with tracking of where the URL came from required for the script to
> actually execute and explicit opt-in on the caller's part required to
> execute outside a sandbox.
> This too has worked well in terms of security, for what it's worth, while
> can work.
> I don't think we should gate the spec here on Webkit's implementation
> details if we think a certain behavior is correct but hard to support in
The connection is that these features are unlikely to get implemented
in WebKit anytime soon. To the extent that we want the spec to
reflect interoperable behavior across browsers, speccing things that
aren't (and aren't likely to become) interoperable is a net loss.
More information about the whatwg