[whatwg] Should events be paused on detached iframes?
Boris Zbarsky
bzbarsky at MIT.EDU
Thu Aug 26 12:02:08 PDT 2010
On 8/26/10 11:58 AM, James May wrote:
> I thought I just suggested that?
>
> Everything works normally (as if it was still attached) until it is
> reattached, when the situation is re-evaluated.
That could fall afoul of security checks that assume that an iframe with
a non-null parent is in fact a subframe and that it's owner element is
in the DOM. I know Gecko certainly has such internally.
Again, nothing insurmountable, but there's a bunch of code in Gecko that
makes assumptions about when windows can and can't exist that would need
auditing. I can't speak to the web compat aspects.
> In terms of resource consumption, I don't see how this would be any
> different to any other kind of leak that web content can trigger.
I don't think that's an issue, though this does raise the question of
when it's OK to gc the iframe.
> (I think someone mentioned that iframes can be GC'd normally)
Can they, with your proposal? It seems that with your proposal if you
remove an iframe from the DOM and then forget about it then as long as
there's any network activity in that iframe or anything else which might
potentially trigger script it cannot be gced. This seems like it would
make it very easy to leak document after document...
-Boris
More information about the whatwg
mailing list