Maciej Stachowiak wrote:
In practice it is much more important for same-origin to be implemented
consistently between XHR and HTML5 (and other Web standards) than for it
to be precisely consistent cross-browser, as inconsistencies in the
same-origin policy could lead to security holes. Thus, taking a snapshot
of what HTML5 says and putting it in XHR1 would be a dead letter,
because if HTML5 changes and browsers change to match it, they will not
leave their XHR implementation using an older version of the security
policy.
Interesting enough, this seems to be exactly the opposite of what Ian
just said :-):
Ian> The point is that Apple and Microsoft are both going to implement the
Ian> thing as required by the Web in 2000, not as defined in HTML5.
HTML5 is
Ian> describing existing practice on these matters, not defining new
material.
BR, Julian
