
CDR: Event propagation to parent documents

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 2 Jan 2006 01:48:27 -0800
Message-Id: <9FCC305F-AAB9-4CBF-BABE-955814AADA4A@apple.com>
To: public-cdf@w3.org


Section 2.2.1, event propagation to parent documents:

- This feature creates security issues for containing documents that  
use existing inclusion features. Now child documents can unilaterally  
decide to trigger any event handlers on any element in the parent  
document that contains the child. This may create unexpected security  
risks to documents that thought including child content was "safe"  
and would not thereby affect its keyboard and mouse handlers.

- This feature creates security issues for the contained document. It  
may wish to use an event to simply send a message to a parent  
document that is for security reasons otherwise inaccessible.  
However, because the Event interface includes the target node, it may  
therefore inadvertently expose its whole DOM.

- If cross-document event propagation is to be included, I request  
that it be changed so that both parent and child have to consent.

- But better yet, I recommend that cross-document event propagation  
be removed, and that instead cross-document communication be designed  
in a way that does not overload existing features, to minimize the  
security risk. One example would be cross-document messaging, as  
implemented in Opera:
<http://virtuelvis.com/archives/2005/12/cross-document-messaging>
and proposed for standardization by whatwg as part of Web Apps 1.0:
<http://whatwg.org/specs/web-apps/current-work/#crossDocumentMessages>

Regards,
Maciej
Received on Monday, 2 January 2006 09:48:35 GMT
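
The both-sides-consent model requested in the message above, sketched with the present-day `window.postMessage` API, the standardized descendant of the cross-document messaging proposal it links to. This is an added example, not part of the original message or of any spec text; the origin `https://widget.example`, the `resize` message type and the helper names are assumptions made for illustration.

```javascript
// Added example: consent on both sides of a cross-document message.
// Origins, message types and function names are constructed for illustration.

// Child side: the sender consents by naming the one origin allowed to receive.
// Only a plain string crosses the boundary, so no DOM node (and no
// Event.target reference into the child's tree) is ever handed to the parent.
function sendToParent(parentWindow, parentOrigin, type, payload) {
  if (parentOrigin === "*") throw new Error("refusing wildcard target origin");
  parentWindow.postMessage(JSON.stringify({ type, payload }), parentOrigin);
}

// Parent side: the receiver consents by listing trusted origins and the
// message types it is willing to act on. Everything else is dropped, so an
// embedded document cannot reach handlers the parent did not opt in.
function makeReceiver(trustedOrigins, handlers) {
  const origins = new Set(trustedOrigins);
  return function onMessage(event) {
    if (!origins.has(event.origin)) return "rejected:origin";
    if (typeof event.data !== "string") return "rejected:format";
    let msg;
    try { msg = JSON.parse(event.data); } catch { return "rejected:format"; }
    if (msg === null || typeof msg !== "object") return "rejected:format";
    // Own-property check keeps inherited names like "toString" from matching.
    if (!Object.prototype.hasOwnProperty.call(handlers, msg.type)) {
      return "rejected:type";
    }
    handlers[msg.type](msg.payload, event.origin);
    return "accepted";
  };
}

// Browser wiring in the parent document (skipped when no window exists).
if (typeof window !== "undefined") {
  const receive = makeReceiver(["https://widget.example"], {
    resize: (p) => console.log("child asked for height", p.height),
  });
  window.addEventListener("message", receive);
}
```
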
