00:30:37 rubys has joined #html-wg
00:45:27 planet: How to evaluate Web Applications security designs? <11http://www.w3.org/QA/2008/12/web_applications_security_requ.html>
01:33:03 aaronlev_ has joined #html-wg
02:09:53 MikeSmith has joined #html-wg
02:36:53 rubys has left #html-wg
03:12:32 gavin_ has joined #html-wg
03:21:29 Zeros has joined #html-wg
04:07:07 MikeSmith has joined #html-wg
04:07:15 Lionheart has joined #html-wg
04:17:36 dbaron has joined #html-wg
04:33:06 @planet
04:33:07 MikeSmith: How to evaluate Web Applications security designs? <11http://www.w3.org/QA/2008/12/web_applications_security_requ.html> 4** HTML5 Parsing in Gecko: A Build <11http://hsivonen.iki.fi/html5-gecko-build/> 4** HTML5 in Gecko <11http://intertwingly.net/blog/2008/12/03/HTML5-in-Gecko> 4** WebKit's week - #6 <11http://hanblog.info/blog/post/2008/11/28/WebKit-s-week-6> 4** Dev.Opera: Creating pseudo (16 more messages)
04:33:37 .t EST
04:33:37 Wed, 03 Dec 2008 23:33:37 EST
04:33:58 marcos has joined #html-wg
04:35:38 marcos has joined #html-wg
04:51:20 sierk has joined #html-wg
04:52:08 sierk has joined #html-wg
04:57:53 marcos has joined #html-wg
05:18:27 Lachy has joined #html-wg
05:19:52 .t CET
05:19:54 Thu, 04 Dec 2008 06:19:54 CET
05:28:48 heycam has joined #html-wg
05:30:56 heycam: what's the timezone abbreviation for where you are?
05:37:10 it's EST
05:37:16 which unfortunately clashes with US EST :)
05:37:24 sometimes people use AEST
05:38:29 "Australia/Melbourne" works, too
05:38:36 with e.g.: $ TZ=Australia/Melbourne date
05:38:44 (which is how i usually determine the current time somewhere)
05:39:19 tho actually it's DST here.... so make that EDT or AEDT
05:44:48 smedero has joined #html-wg
05:48:58 .t AEST
05:48:58 Thu, 04 Dec 2008 15:48:58 AEST
05:49:08 planet: Compatibility View Improvements to come in IE8 <11http://blogs.msdn.com/ie/archive/2008/12/03/compatibility-view-improvements-to-come-in-ie8.aspx>
05:49:19 .t DST
05:49:19 MikeSmith: Sorry, I don't know about the 'DST' timezone.
05:49:29 .t AEDT
05:49:29 Thu, 04 Dec 2008 16:49:29 AEDT
05:49:41 cool
06:14:30 phenny has joined #html-wg
06:42:38 hober has joined #html-wg
07:49:45 Lionheart has joined #html-wg
07:54:40 Lionheart has joined #html-wg
08:03:02 Lionheart has joined #html-wg
08:44:59 tH has joined #html-wg
10:02:09 ROBOd has joined #html-wg
10:11:01 maddiin has joined #html-wg
10:35:39 tlr has joined #html-wg
10:42:31 Lachy has joined #html-wg
10:51:33 MikeSmith has joined #html-wg
12:21:26 MikeSmith has joined #html-wg
12:23:26 http://dev.opera.com/articles/view/presto-2-2-and-opera-10-a-first-look/#selectorsapi
12:23:27 Title: Presto 2.2 and Opera 10 — a first look - Opera Developer Community (at dev.opera.com)
12:24:33 myakura has joined #html-wg
12:36:07 Julian has joined #html-wg
12:43:14 heycam has joined #html-wg
12:51:51 Sander has joined #html-wg
12:55:19 heycam has joined #html-wg
13:42:09 marcos has joined #html-wg
14:03:01 timeless has joined #html-wg
14:06:18 aroben has joined #html-wg
15:28:16 billmason has joined #html-wg
15:42:31 dbaron has joined #html-wg
15:46:33 MichaelC has joined #html-wg
15:56:54 gsnedders has joined #html-wg
16:53:28 oh right
16:53:56 DanC, I tried commenting on your QA blog entry btw
16:54:28 ah; good. I prolly should have sent mail to the webapps comments list 1st
16:56:04 oh, we've got feed readers
16:56:38 trackbot, start meeting
16:56:40 RRSAgent, make logs public
16:56:42 Zakim, this will be HTML
16:56:42 ok, trackbot; I see HTML_WG()12:00PM scheduled to start in 4 minutes
16:56:43 Meeting: HTML Weekly Teleconference
16:56:43 Date: 04 December 2008
16:56:49 ChrisWilson has joined #html-wg
16:56:51 Chair: MikeSmith
16:56:58 Zakim, code?
16:56:58 the conference code is 4865 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), MikeSmith
16:57:05 HTML_WG()12:00PM has now started
16:57:12 HTML_WG()12:00PM has ended
16:57:13 Attendees were
16:57:30 HTML_WG()12:00PM has now started
16:57:37 +[Microsoft]
16:57:43 +Christiane_Fellbaum
16:57:46 zakim, microsoft is me
16:57:46 +ChrisWilson; got it
16:57:47 -ChrisWilson
16:57:47 +ChrisWilson
16:57:56 wow, that's weird.
16:58:06 +Adam
16:58:18 zakim, who is on the phone?
16:58:18 On the phone I see ChrisWilson, Christiane_Fellbaum, Adam
16:59:01 -Christiane_Fellbaum
16:59:04 Mike, are you joining on the telephone?
16:59:12 +Julian
16:59:23 ChrisWilson: yeah, in one minute
17:01:00 Zakim, call Mike
17:01:00 ok, MikeSmith; the call is being made
17:01:01 +Mike
17:01:44 Topic: Agenda review
17:02:01 agenda: maybe the charter issue?
17:02:41 +Christiane_Fellbaum
17:02:46 +DanC
17:02:46 Julian: charter issue?
17:03:40 Agenda: http://lists.w3.org/Archives/Public/public-html-wg-announce/2008OctDec/0011.html
17:03:42 Title: HTML WG telcon 2008-12-04 - headers attribute, Origin header from Michael(tm) Smith on 2008-12-03 (public-html-wg-announce@w3.org from October to December 2008) (at lists.w3.org)
17:03:52 Joshue has joined #html-wg
17:04:32 Zakim, who's on the phone?
17:04:32 On the phone I see ChrisWilson, Adam, Julian, Mike, Christiane_Fellbaum, DanC
17:04:58 Regrets: ShawnMedero, DaveSinger
17:05:07 + +2
17:05:17 Zakim, who's on the phone?
17:05:17 On the phone I see ChrisWilson, Adam, Julian, Mike, Christiane_Fellbaum, DanC, +2
17:05:20 zakim, ++ 2 is Joshue
17:05:20 I don't understand '++ 2 is Joshue', Joshue
17:05:27 abarth has joined #html-wg
17:05:29 Zakim, +2 is Joshue
17:05:29 +Joshue; got it
17:05:54 Zakim, agenda?
17:05:54 I see 1 item remaining on the agenda:
17:05:56 5. discuss ping [from ChrisWilson]
17:06:10 Zakim, clear agenda
17:06:10 agenda cleared
17:07:21 Scribenick: MikeSmith
17:07:35 [no additions to agenda]
17:07:52 Topic: headers attribute
17:08:11 Joshue: we are basically waiting until Hixie makes movement on this
17:08:36 ... we could talk about Ben Millard's recent messages [but perhaps not necessary]
17:09:13 http://lists.w3.org/Archives/Public/public-html/2008Dec/0004.html
17:09:14 Title: Comparison of Smart Headers and HTML5 (ACTION-85) from Ben Millard on 2008-12-01 (public-html@w3.org from December 2008) (at lists.w3.org)
17:09:45 collinjackson has joined #html-wg
17:09:46 ACTION-84?
17:09:46 ACTION-84 -- Joshue O Connor to prepare status report on @headers discussion by next week -- due 2008-11-19 -- OPEN
17:09:46 http://www.w3.org/html/wg/tracker/actions/84
17:09:48 Title: ACTION-84 - HTML Weekly Tracker (at www.w3.org)
17:10:05 action-84: http://lists.w3.org/Archives/Public/public-html/2008Dec/0004.html
17:10:07 Title: Comparison of Smart Headers and HTML5 (ACTION-85) from Ben Millard on 2008-12-01 (public-html@w3.org from December 2008) (at lists.w3.org)
17:10:20 ACTION-84 Prepare status report on @headers discussion by next week notes added
17:10:28 Julian: so that action is done and can be closed (action 84)
17:10:31 Zakim, passcode?
17:10:32 the conference code is 4865 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), anne
17:10:42 +??P0
17:10:48 Zakim, P0 is me
17:10:48 sorry, anne, I do not recognize a party named 'P0'
17:10:58 Zakim, ??P0 is me
17:10:58 +anne; got it
17:10:58 s/Julian: so/Joshue: /
17:11:03 hi
17:11:07 action-85?
17:11:07 ACTION-85 -- Ben Millard to compare "Smart Headers" with HTML5 algorithm -- due 2008-12-01 -- OPEN
17:11:07 http://www.w3.org/html/wg/tracker/actions/85
17:11:08 Title: ACTION-85 - HTML Weekly Tracker (at www.w3.org)
17:11:21 q+
17:11:28 ack DanC
17:11:47 DanC: looking at action-85, I see a forward from Laura Carlson
17:12:10 ... saw an admin message that Laura Carlson had left the group. Do we know why?
17:12:27 +??P8
17:12:36 Zakim, I am ??P8
17:12:36 +Lachy; got it
17:12:46 Joshue: I think she's had some other things that are taking a lot of her time.
17:12:50 + +1.650.858.aabb
17:13:08 Zakim, aabb is John_Mitchell
17:13:08 +John_Mitchell; got it
17:14:00 +Murray_Maloney
17:14:19 Dsinger_ has joined #html-wg
17:14:40 DanC: somewhere in WCAG 2.0, there's an example of this technique
17:14:50 Joshue: otoh, dunno
17:15:13 RRSAgent, make minutes
17:15:13 I have made the request to generate http://www.w3.org/2008/12/04-html-wg-minutes.html MikeSmith
17:15:38 (photo of Ben? have I met him?)
17:15:38 -Murray_Maloney
17:16:13 DanC, photos of Ben here http://projectcerbera.com/me/
17:16:14 Title: About Me - Project Cerbera (at projectcerbera.com)
17:16:22 +Murray_Maloney
17:16:41 http://sitesurgeon.co.uk/
17:16:42 Title: Site Surgeon (at sitesurgeon.co.uk)
17:16:57 found the example from wcag 2 http://www.w3.org/TR/WCAG20-TECHS/H43.html
17:16:57 Ben Millard ↑
17:16:58 Title: H43: Using id and headers attributes to associate data cells with header cells in data tables | Techniques for WCAG 2.0 (at www.w3.org)
17:17:27 DanC: Joshue, can you take a look at that (H43)?
17:17:43 [Joshue takes a look]
17:18:00 DanC: I understand that represents something that is fairly widely practiced.
17:18:33 DanC: so Ben's comparison doesn't say anything one way or the other about H43?
17:18:36 Julian: yeah
17:18:55 s/Julian: yeah/Joshue: yeah/
17:18:59 issue-20?
17:18:59 ISSUE-20 -- Improvements to the table-headers algorithm in the HTML 5 spec -- OPEN
17:18:59 http://www.w3.org/html/wg/tracker/issues/20
17:19:01 Title: ISSUE-20 - HTML Weekly Tracker (at www.w3.org)
17:19:13 Joshue: but worth looking at, definitely .. relevant to what we're doing
17:19:52 zakim, mute me
17:19:52 Joshue should now be muted
17:19:56 DanC: I understand that people marking up complex financial data use that technique
17:20:03 my earlier work where I got a thumbs-down from a validator: http://lists.w3.org/Archives/Public/public-html/2008Jun/0334.html
17:20:04 Title: headers on th too or just td? from Dan Connolly on 2008-06-26 (public-html@w3.org from June 2008) (at lists.w3.org)
17:20:53 zakim, unmute me
17:20:53 Joshue should no longer be muted
17:20:57 +q
17:21:10 MikeSmith: Hixie has the ball on this.
17:21:20 action-87?
17:21:20 ACTION-87 -- Michael(tm) Smith to ensure Ian Hickson follows up on semantics-tables messages -- due 2008-12-04 -- OPEN
17:21:20 http://www.w3.org/html/wg/tracker/actions/87
17:21:21 (MikeSmith is supposed to have an action on this.)
17:21:21 Title: ACTION-87 - HTML Weekly Tracker (at www.w3.org)
17:21:29 action-87 due next week
17:21:29 ACTION-87 Ensure Ian Hickson follows up on semantics-tables messages due date now next week
17:22:49 Joshue: comparison of smart-headers algo to HTML5 is valuable, but we still have the issue of how to mark up.. two separate issues
17:22:54 (two separate issues? hmm. I'm not following closely enough to see that.)
17:23:19 Joshue: HTML5 still does not allow chained headers, and without that, it's difficult to mark up complex tables
17:24:34 The smart headers algorithm handles that H43 without the headers attribute
17:24:48 Joshue: there are some different suggestions on the wiki about how to mark up chained headers
17:25:16 (you blogged about it)
17:25:20 what's this origin stuff about?
17:25:35 close action-84
17:25:35 ACTION-84 Prepare status report on @headers discussion by next week closed
17:25:48 Topic: Origin header
17:25:52 Lachy, I'm guessing it's about the HTTP header defined by Access Control
17:26:21 oh
17:27:05 (i'm on the call, btw)
17:27:15 hey abarth!
17:27:18 hi anne
17:27:19 http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-November/017593.html
17:27:20 Title: [whatwg] CSRFs and Origin header and s (at lists.whatwg.org)
17:27:35 I'm on the call too
17:27:47 http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-November/thread.html#17593
17:27:48 Title: The whatwg November 2008 Archive by thread (at lists.whatwg.org)
17:28:00 http://crypto.stanford.edu/websec/specs/origin-header/
17:28:01 Title: Origin Header for CSRF Mitigation (at crypto.stanford.edu)
17:28:05 -Joshue
17:28:20 "This document describes the use of the Origin header for mitigating cross-site request forgery (CSRF) vulnerabilities in web sites. To help sites defend against CSRF attacks, user agents send a Origin header with HTTP requests that identities the origin that initiated the request. If the user agent cannot determine the origin, the user agents sends the value null."
17:28:35 ..
17:28:39 "I'm not sure if the HTTP spec is the most appropriate place because
17:28:39 the spec has a dependency on HTML 5 to compute the ASCII serialization
17:28:39 of the origin.
17:28:39 "
17:29:30 compute it from what, I wonder. sigh. struggling to keep up
17:29:37 q+
17:29:49 ack Julian
17:29:53 DanC compute it from a URL
17:30:06 well, from an origin
17:30:07 ah. thanks. clearly that can be separated from HTML
17:30:09 Julian: HTTPbis wg is not chartered to add anything new to the protocol
17:30:19 ... so it would not be a work item of the HTTPbis WG
17:30:20 and origin depends on browsing contexts and scripting contexts and such
17:30:27 compute an origin from an origin?
17:30:36 ... we would need to talk to one of the App Area directors
17:30:37 you compute a serialization
17:30:40 ok
17:30:50 ... isn't Lisa D. in the loop on this already?
17:30:55 MikeSmith: yeah, I think so.
17:31:56 abarth: basic idea is to help sites defend themselves against CRSF attacks
17:32:20 ... there are some issues on trying to do this with the Refer header
17:32:21 |