Are there any possible related security issues we should be aware of?
Honza

Obvious things like not treating the messages as HTML or XUL or anything
like that, right?
-Boris

How many headers are "like" printing on the console? Seems like you'd
only need one to do that so what do the others do? Spitting out header
text can be done safely (e.g. the Live HTTP Headers addon), I'm more
concerned about what the other headers might be.
-Dan

I could also imagine console-info, etc., so it imitates the similar
methods which are available in Firebug's console (console.log,
console.error, console.info, etc.). This would help Firebug to
distinguish the meaning of the incoming server message and use a
different visual style (e.g. red color for error messages).

> Spitting out header text can be done safely (e.g. the Live HTTP
> Headers addon), I'm more concerned about what the other headers might be.
So, all these headers should be used just to pass the text from the
server.
Honza
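
One way to apply the "text only" handling discussed in the messages above, as an added example that is not part of the original thread and is not Firebug's code. Only console-info is named in the thread; the other header names, the length cap and the function names are assumptions.

```javascript
// Added example. Header names other than console-info are assumed.
const LEVELS = new Map([
  ["console-log", "log"],
  ["console-info", "info"],
  ["console-error", "error"],
]);
const MAX_LEN = 2000; // assumed cap so one response cannot flood the panel

// Turn response headers into console entries. Values stay plain strings:
// they are never parsed as markup and never evaluated.
function headersToEntries(headers) {
  const entries = [];
  for (const [name, value] of headers) {
    // Map lookup: names such as "constructor" cannot match by accident.
    const level = LEVELS.get(String(name).toLowerCase());
    if (!level) continue; // unknown headers are ignored, not guessed at
    // Replace control characters (CR/LF, escapes) that could forge extra
    // lines in a text view, then truncate.
    const text = String(value)
      .replace(/[\u0000-\u001f\u007f]/g, " ")
      .slice(0, MAX_LEN);
    entries.push({ level, text });
  }
  return entries;
}

// For a view that builds its output as an HTML string, escape the
// metacharacters. In a DOM or XUL panel, assigning the text to textContent
// rather than innerHTML has the same effect.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderEntry(entry) {
  // The class name comes from the fixed LEVELS table, not from the server.
  return `<div class="msg-${entry.level}">${escapeHtml(entry.text)}</div>`;
}

// Constructed sample response headers.
const sample = [
  ["Content-Type", "text/html"],
  ["Console-Info", "cache hit for /index"],
  ["Console-Error", "<b>DB down</b> & retrying"],
];
for (const e of headersToEntries(sample)) console.log(renderEntry(e));
```
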
So what kind of answer would cause you concern? The header is text, so
worst case is? I guess we could even eval() it, functions and all, if we
are in the page. It comes from a server of a web page, so we should be
able and limited to doing anything we can do with web content, right?
jjb