[whatwg] Should events be paused on detached iframes?
Ian Hickson
ian at hixie.ch
Wed Feb 8 14:38:33 PST 2012
On Wed, 8 Feb 2012, Boris Zbarsky wrote:
> On 2/8/12 3:50 PM, Ian Hickson wrote:
> > "Should events be paused on detached iframes"? Or another question?
> > (Sorry, I've lost the context here.)
>
> The thread is discontinuous in the archives (why?)

Mailman archives suck.

I found the thread in a more usable form here:

http://old.nabble.com/Should-events-be-paused-on-detached-iframes--to29526129.html#a29526129

> but I think the relevant part was:
>
> It's possible to switch these relevant checks to walk the
> ownerDocument chain instead, say. Then we need to audit all the
> callsites to make sure this makes sense at them and figure out what
> to do for the ones where it doesn't. (For example, should
> window.alert on the window of an iframe not in the DOM put up a
> dialog in a tab based on the ownerDocument of the iframe? Or not put
> one up at all?) There are quite a few APIs that need to be thus
> audited if this invariant is changed.

My overall response is still the same: I'm happy to consider specific
cases. As far as I'm aware, the spec doesn't have any privilege escalation
bugs of this nature.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'