[whatwg] Please disallow "javascript:" URLs in browser address bars
Mike Shaver
mike.shaver at gmail.com
Thu Jul 22 14:03:05 PDT 2010
On Thu, Jul 22, 2010 at 4:48 PM, Tab Atkins Jr. <jackalmage at gmail.com> wrote:
> These days, though, all major browsers have javascript consoles which
> you can bring up and paste that into.
That doesn't typically apply to content tabs or windows, though.
I have a couple of questions:
What is the proposed change to which specification, exactly? URL-bar
behaviour, especially input permission, seem out of scope for the
specs that the WHATWG is working on. Would a UA that asked for the
user's permission the first time a bookmarklet is used (like some
prompt the first time a given helper app or URL scheme is used) be
compliant?
What should the URL bar say when the user clicks a javascript: link
which produces content? <a href="javascript:5;">five!</a>
Mike
More information about the whatwg
mailing list