- From: Yngve N. Pettersen <yngve@opera.com>
- Date: Tue, 02 Oct 2007 13:30:49 -0500
- To: "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
On Tue, 02 Oct 2007 10:57:33 -0500, Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org> wrote: > > ISSUE-110: POST triggered via JavaScript [Techniques] > > http://www.w3.org/2006/WSC/track/issues/ > > Raised by: Thomas Roessler > On product: Techniques > > JavaScript can trigger unsafe HTTP methods (POST, ...). This practice > has legitimate usage (e.g., SAML). > > Should there be any recommendations on that? I think Plugins should be considered as part of this. While a plugin may, in one way, be considered part of the user agent, in other respects (IMO the more important ones) it is an independent secondary user agent the perform certain tasks through the primary user agent. However, the primary UA have limited knowledge about and control over what the secondary agent can do. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Received on Tuesday, 2 October 2007 18:31:04 UTC