Other Uses of BASE? [was: Security concersn with BASE [was: Is this use of BASE koshe ]

Daniel W. Connolly (connolly@beach.w3.org)
Sun, 6 Aug 95 16:40:27 EDT

In message <199508060732.AAA11174@blob.best.net>, "Peter K. Sheerin" writes:
>That's not the intent of the BASE element; it is intended soley for
>resolving relative URLs (which does not include stand-alone fragment
>identifiers, right everyone?).

Says who? :-)

The intent of the BASE element is whatever the HTML specs
say it is, and that's up to this working group to decide.

>> How is this different from an HTTP URI: header?
>It's a completely separate case. The two serve different purposes.

OK. I see your assertion. But I don't see the argument behind it.

If you ask me, they serve exactly the same purpose. The HTTP
spec says:

August 3, 1995
|8.28 URI
|The URI-header field may contain some or all of the Uniform Resource
|Identifiers (Section 3.2) by which the Request-URI resource can be
|identified. There is no guarantee that the resource can be accessed
|using the URI(s) specified.

The HTML spec currently says:

Aug 4,1995
|Base Address: BASE
The optional BASE element allows the address a document to be recorded
|in situations in which the document may be read out of context. The
|required HREF attribute specifies specifies the base URI (see section
|Hyperlinks) for navigating the document, overriding any context
|otherwise known to the user agent.

[ok, this is cheating a little since I wrote that, but "allows the
address of a document..." has been in the specs for a long time.]

To me, combining turning URIs into absolute URIs for fetching
is part of "navigating the document."

> It should be *one* way to get that document (and hopefully the most
>reliable/long-lasting one)

Agreed. In fact, I'm tempted to clarify that paragraph more, saying
something like "The base URI is the address by which the document
should be cited, for example, in bookmark or hotlist files."

>... but it need not confer anything else, other
>than relative links using that BASE will be valid.

>> Displaying the URL given in a <base> tag, rather than the one used to
>> fetch the document will lead the user to believe that the author wants
>> the document cited by that <Base> address, which is the truth, no?
>Eeek! No! First, that's not the purpose of BASE,

hmmm? You just said so yourself: "reliable/long-lasting ..."

> second, there is another
>mechanism to acheive this behaviour,

in HTML? Redundancy is sometimes necessary to make the whole thing work.