[whatwg] "first script" and impersonating other pages - pushState(url)
Mike Wilson
mikewse at hotmail.com
Thu Sep 3 06:27:38 PDT 2009
Ian Hickson wrote:
>
> On Mon, 31 Aug 2009, Mike Wilson wrote:
> >
> > Ian Hickson wrote:
> > >
> > > On Fri, 21 Aug 2009, Mike Wilson wrote:
> > > >
> > > > [...]
> > > > Imagine that I want my loaded page:
> > > > /pages/section1/thing1
> > > > be able to impersonate:
> > > > /pages/section2/thing2
> > > > how do you envision this to be structured?
> > > >
> > > > Something like this? :
> > > >
> > > > /pages/section1/thing1:
> > > > <script src="/pages/script.js">
> > > > <button onclick="impersonate();">
> > > >
> > > > /pages/script.js:
> > > > function impersonate() {
> > > > ...pushState(..., "/pages/section2/thing2");
> > > > }
> > >
> > > That would do it, yes.
> >
> > [...] wouldn't the first script
> > (corresponding to the button click) be the implicitly
> > generated event handler in:
> > /pages/section1/thing1
> > with a basedir of
> > /pages/section1
> > thereby making the call to:
> > ...pushState(..., "/pages/section2/thing2");
> > throw SECURITY_ERR in step 2.2 of the pushState
> > algorithm?
>
> No, why?
Because I was interpreting the following from the spec
and your previous mail:
- clicking the <button> will trigger the anonymous
event handler in /pages/section1/thing1 and will
result in activating a first script with
basedir=/pages/section1
- when the anonymous event handler calls into the
impersonate() function defined in /pages/script.js
the initial script (and basedir) remains as "first
script" and does not activate basedir=/pages
- calling pushState(..., "/pages/section1/thing2") when
first script's basedir=/pages/section1 will be ok
- calling pushState(..., "/pages/section2/thing2") when
first script's basedir=/pages/section1 will not be
allowed (and throw).
Is any of these wrong?
Best regards
Mike
More information about the whatwg
mailing list