philipj at opera.com
Thu Nov 25 06:10:08 PST 2010
On Tue, 16 Nov 2010 02:15:45 +0100, Ian Hickson <ian at hixie.ch> wrote:
> On Wed, 11 Aug 2010, Boris Zbarsky wrote:
>> For what it's worth, as I see it there are three possible behaviors for
>> 1) Don't run the script.
>> 2) Run the script, but in a sandbox.
>> 3) Run the script against some Window object (which one?)
>> Defining which of these happens in which case would be good. Again,
>> Gecko's behavior is #2 by default (in all sorts of situations; basically
>> anywhere you can dereference a URI), with exceptions made to do #3 in
>> some cases.
> That's what the spec says currently.
trying to figure out what the interoperability constraints are.
context of <img>, <embed>, <applet> and any inline loads from CSS.
Before I was aware of this thread, I went through the different kinds of
browsers. The results:
(I haven't looked at <iframe>, as we don't treat that as an inline load in
the same way as the above.)
Based on this, unless there are corner-cases I've missed, it seems
unlikely that there's a large body of web content that depends on inline
simplest to implement and the fastest way to reach interoperability. The
which, even if sandboxed, doesn't seem particularly useful.
I'll keep you posted if there are any compatibility issues that come up
with this. Assuming (boldly) there is not, would there be support from
other browsers to move in this direction and change the spec to match? (It
seems that IE and WebKit are already basically already doing what I'm
More information about the whatwg