[whatwg] Should events be paused on detached iframes?

Boris Zbarsky bzbarsky at MIT.EDU
Thu Aug 26 12:02:08 PDT 2010


On 8/26/10 11:58 AM, James May wrote:
> I thought I just suggested that?
>
> Everything works normally (as if it was still attached) until it is
> reattached, when the situation is re-evaluated.

That could fall afoul of security checks that assume that an iframe with 
a non-null parent is in fact a subframe and that it's owner element is 
in the DOM.  I know Gecko certainly has such internally.

Again, nothing insurmountable, but there's a bunch of code in Gecko that 
makes assumptions about when windows can and can't exist that would need 
auditing. I can't speak to the web compat aspects.

> In terms of resource consumption, I don't see how this would be any
> different to any other kind of leak that web content can trigger.

I don't think that's an issue, though this does raise the question of 
when it's OK to gc the iframe.

> (I think someone mentioned that iframes can be GC'd normally)

Can they, with your proposal?  It seems that with your proposal if you 
remove an iframe from the DOM and then forget about it then as long as 
there's any network activity in that iframe or anything else which might 
potentially trigger script it cannot be gced.  This seems like it would 
make it very easy to leak document after document...

-Boris




More information about the whatwg mailing list