Apparently Google is at it again with the Google Web Accelerator. If you don't remember the GWA, it's the tool that prefetches requests on your behalf. Including links like "delete this", or "read this message", or "logout". Instead of resolving the problems in this version, it has made those problems even worse. All I can think is what the fuck? I know they don't want to be evil, but I just assumed that they also didn't want to be stupid...?
To all you who think that it's okay to vaguely obey some W3C spec, in the face of prevailing practice: you are wrong. Just absurdly and completely wrong. It's like being some obnoxious adult who stares in bafflement when a kid says "It ain't here", then responds "I don't understand you, did you mean 'it isn't here'?" Yeah, right; ain't is a word and we all know it. And GET isn't always safe, and we all know it. Pretending bafflement, as though you spend all your time reading the HTTP specs and no time using the web and noticing how the web works.
Oh yes, the thing which made the obnoxious "Web 2.0" crowd throw all the toys out of their pram, wasn't it? It's interesting that you previously mentioned the WHAT-WG and their supposedly superior work on standardising the Web, which mostly seems to involve the main participants implementing fancy gadgets in their browsers and then writing them up in the WHAT-WG specifications as some kind of exercise in legitimacy. Here's an example of the WHAT-WG relevance factor these days:
Quite where broadcasting to Bluetooth devices fits into the Web and why there's a rush to standardise this (and presumably deal with the security implications later) remains as much a mystery as why there are special sms and smsto protocol schemes in the Web Forms 2.0 specification, and yet no-one seems to be interested in getting basic stuff like character encodings done in a sane way:
Anyway, I'd like to see a decent response to Jim's last comment on the "GWA and RFC 2616" article. It seems to me that the form toolkits used by the "Web 2.0" crowd really must be toys if they fail to support the relatively simple use case he puts forward.# The Badger
You mean his suggestion to use <input type="submit" name="delete-id-1" value="Delete this address"> ? There a couple problems with this: (a) no nested forms, so it can be difficult to put a submit button in an arbitrary location, and (b) there remain links that are not "safe", but are truly link-ish, and (c) there's less control available over buttons, which can be a problem in some circumstances (buttons tend to be visually weighty, and CSS controls are limited).
Unsafe GET links did not start with Web 2.0 apps; they are as old as the web itself, and old and largely unmaintained web applications have these bugs. The idea that we should "fix" these applications because GWA exposed a "bug" is incredibly unrealistic. Though in a practical sense, it does seem that this incarnation of the GWA is somewhat improved, as it doesn't prefetch links with variables (i.e., ?). Maybe that will be enough, I'm not sure.# Ian Bicking
Web Forms 2 supports nested forms in XHTML. It also supports a form attribute on form controls so you can associate them with any form even when they are not a descendant of any. Quite cool and there are some experimental implementations out there.
Google does unsafe GET links themselves.
Including google adwords links.
Lets start prefetching all those links and see what google has to say ;)
Ads are indeed another intriguing example of how hard prefetching is do with the web we have.# Ian Bicking