[whatwg] <banner> as a dedicated tag
serverherder+whatwg at gmail.com
Tue Mar 1 13:58:43 PST 2011
On Wed, 2011-02-23 at 11:12 -0800, Tab Atkins Jr. wrote:
> I have untrusted markup from a third party which I would like to
> safely insert into my page, knowing that the rest of my page is safe
> from whatever the untrusted markup is doing. Also, the untrusted
> markup may be doing expensive things, particularly on load, so I'd
> like to wait until after the rest of the page is loaded before loading
> the markup.
> Is this accurate? Correct me if not, but I'll assume it is for now.
In many cases the code itself is considered trustworthy, but the ad
server's performance suspect. In that case, asynchronous execution of
the script is desired. Unfortunately, as the original email points out,
the use of document.write() prevents this.
Especially for ads, there are considerable advantages to using iframes;
however, fully-privileged scripts have advantages too. Despite a decade
of warning/ridiculing authors, document.write()'s continued prevalence
seems to be evidence of the fact that it is the only mechanism to
address a common problem: Where in the document should a script place
the content it generates?
A patch to Gecko  , originally discussed on the list last August ,
seems to address this. It adds a `currentScript` property which
references (surprise) the currently executing script. When a script can
reliably find itself, authors can use the current semantics of "put this
script wherever you want the widget to go," asynchronously if they so
The proposal seems to have been stalled by the specifics of some
additional compilation events that were also included. Beyond the
Gecko patch, I'm not sure where adoption stands.
More information about the whatwg