[whatwg] Proposal for separating script downloads and execution

Diego Perini diego.perini at gmail.com
Wed Feb 23 05:13:46 PST 2011


On Wed, Feb 23, 2011 at 10:16 AM, Jorge <jorge at jorgechamorro.com> wrote:
> On 23/02/2011, at 04:57, Boris Zbarsky wrote:
>> On 2/22/11 10:42 PM, Glenn Maynard wrote:
>>> Including execute() being synchronous, raising SyntaxError exceptions
>>> for parse errors, and uncaught exceptions from the script being
>>> propagated up through execute() to its caller?
>>
>> Hmm.  That last one might take some work in Gecko, if it's even sanely possible, but the rest of it shouldn't be that bad.
>
> Wouldn't this :
>
> HTMLScriptElement.prototype.execute= function execute () {
>  // ...
>  return (1, eval)( this.innerText ); // global eval
> }
>
> do it ?
>

Yes it would !

Unfortunately that requires access to script source content which is
not available for external resources, even if same origin.

We can execute scripts but never access their sources, isn't that a
unnecessary restriction ?

--
Diego

> (only that it should be "privileged": able to bypass the usual s.o.p. restrictions wrt .innerText...)
> --
> Jorge.



More information about the whatwg mailing list