[whatwg] should we add beforeload/afterload events to the web platform?

[Boris Zbarsky]

On 2/3/12 11:15 PM, Ian Hickson wrote:
> No, I agree with you that if the author is using HTTP styles on their
> HTTPS page that an attacker could screw with the page. But my point is
> that fixing that is easy: just move the styles to HTTPS. In the case of
> scripts it's not that easy because the scripts might be on third-party
> servers

Styles are also commonly found on third-party servers...

> in complicated setups

Likewise.

But yeah, I'd love to hear from Adam here.

-Boris