The WHATWG Blog

WHATWG Weekly: Same-Origin Policy Explained

February 28th, 2011 by Anne van Kesteren in Weekly Review

We are still looking for a volunteer to write WHATWG Weekly. Otherwise on March 21 and beyond there will not be much to see here. Well, no new WHATWG Weekly.

Big thanks, security model, and editing

We got a big thanks from people at the BBC. Though reading Frame accurate video in HTML5 it seems we owe them for providing valuable feedback! Great to see how many people are paying attention and contributing to what we are trying to build here.

Earlier this week Adam Barth published Principles of the Same-Origin Policy, a document outlining the principles of the Web platform security model. That is, as it has come to be over the years, with many people hacking on it in browsers.

Aryeh Gregor has a new project: HTML Editing Commands. He is working out a more detailed specification for the execCommand() method (and friends). Currently the HTML specification is rather vague on the subject, deferring much to implementations. This specification will eventually help user agents to get closer to each other — also known as interoperability — with regards to editing operations.

W3C HTML WG

Another attempt is made to get the longdesc attribute conforming. Edward O'Connor (since recently with Apple; congrats!) is not convinced there is new information here since we made the decision to kick it out.

A whole bunch of open HTML WG issues (156, 157, 158, 160) were “closed without prejudice” last week. This happens when no change proposals are written in time. The process starts with a bug that is resolved by the editor. If the reporter disagrees with the editor he can escalate the bug into an issue. But if then nobody steps up to do something with the issue nothing will change and the issue is closed without prejudice. After this the issue can only be reconsidered with approval of the WG Chairs. Otherwise it is deferred to the next version of HTML (the W3C uses a snapshot model, the current one is labeled HTML5).

Shorts

• Ian Hickson disagreed with changing hgroup.
• Dominique Hazael-Massieux (with the W3C Team) wrote up this document: Standards for Web Applications on Mobile: February 2011 current state and roadmap.
• Martin Stender requested a banner element to include potentially unsafe advertisements into a page. Tab Atkins pointed out that the <iframe sandbox> feature is designed for that.
• Makoto Kato would like a clarification as to how setting the value IDL attribute of a control interacts with manipulating its value through an input method editor (IME; used for entering complex characters).
• Rafael wanted innerHTML for DocumentFragment objects. It was pointed out further in the thread that insertAdjacentHTML() already serves that purpose.
• Ben Rimmington proposed non-blocking modal dialogs. Like Justin Dolske I wonder whether we really need that at this point.

WHATWG Weekly: Search Provider APIs ↔ WHATWG Weekly: Web Notifications

6 Responses to “WHATWG Weekly: Same-Origin Policy Explained”

1. I volunteer, Anne.

2. Shelley,

   If you’re at a loose end http://www.xwhatwg.org/ could do with some blog articles. Also: a website, ideas, arguments, detractor performants, etc.

3. That’s great Shelley! Just join IRC and we can sort it out. I expect to be able to write the next two installments, but after that it can be all yours. You can then coordinate on IRC with some of the other blog administrators to get it published.

4. As soon as I find an IRC client for Windows, I’ll check in. I’m not a big IRC person, and I’ve just switched from Mac to Windows. Do you have any suggestions for a free Windows IRC client?

   mattur, thanks, but I do have plenty to do.

5. Ah, I noticed the note on my offer in the IRC log. My seemingly never ending supply of typos aside, I am a writer, and a writer can be both polite and objective, even if they don’t feel particularly objective about the topic of their writing.

   However, I will probably continue to be less than polite and not particularly objective in my writing about WhatWG elsewhere, and this may create a dissonance that can make some folks uncomfortable.

   Some teasing on Twitter aside, I offered because I think it’s important to provide a weekly summary of what’s happening in WhatWG land. Your efforts are scattered about: in the W3C email lists, the WhatWG lists, IRC, and weblogs. It’s important that people know what’s happening without having to hunt around for the info. It would probably be better to have someone more effusive about WhatWG provide these updates, but if no one else is volunteering, than I will.

   Though I won’t be a cheerleader for WhatWG–such would be inherently dishonest–I can be both polite and objective, and more importantly, informative.

   So let me know if you still want me to connect up with you on IRC, Anne. And I do really want recommendations for a Windows IRC client. The one I’m finding most recommended is shareware, and I just don’t have the cash to spare at the moment.

6. I use Opera as IRC client myself and I hear it is cross-platform. There are also a couple you can use from your browser (i.e. web-based): freenode Web IRC or Mibbit. Your motivations sound good; no need for cheerleading here 🙂

   As far as volunteering goes. So far I have had one other semi-offer, mostly on the basis that if nobody else steps up, he might be able to do it. So if you can do it that would be great!