[whatwg] Should events be paused on detached iframes?
Boris Zbarsky
bzbarsky at MIT.EDU
Fri Mar 4 17:49:03 PST 2011
On 3/4/11 7:08 PM, Ian Hickson wrote:
> Could you elaborate on the security reasons?
The primary one is that there there are Gecko-internal security settings
that are supposed to apply to "this browsing context and all descendant
browsing contexts".
Right now this is handled by traversing a parent chain that has to be
broken when the node is removed from the document. To avoid giving the
node's contentWindow permissions it shouldn't have, we then make sure
script can't run in it, by the simple expedient of tearing down the
browsing context...
It's possible to switch these relevant checks to walk the ownerDocument
chain instead, say. Then we need to audit all the callsites to make
sure this makes sense at them and figure out what to do for the ones
where it doesn't. (For example, should window.alert on the window of an
iframe not in the DOM put up a dialog in a tab based on the
ownerDocument of the iframe? Or not put one up at all?) There are
quite a few APIs that need to be thus audited if this invariant is changed.
> I don't really understand the problem.
The main problem is having better ways to spend engineering time... ;)
> It certainly seems like there are some valid use cases for moving
> frames around from document to document.
There are, yes. There are also lots of edge cases that are otherwise
impossible that are introduced by allowing it; I'm a little curious as
to how compatible with each other the IE8 and Chrome implementations are.
-Boris
More information about the whatwg
mailing list