- From: <bugzilla@jessica.w3.org>
- Date: Wed, 25 Aug 2010 14:04:51 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=9767 --- Comment #25 from Henri Sivonen <hsivonen@iki.fi> 2010-08-25 14:04:50 --- (In reply to comment #24) > So the proposal here is to change the spec so that all scripts running for > <script> elements (when the element is run, not calls to functions created by > that element and put in the scripting environment) that are using external > files (i.e. <script src="">, not inline scripts) and that do not have the > "parser-inserted" flag set (e.g. inserted using appendChild(), not found in the > doc source), when they try to document.write() to the same Document as the > owner of the <script> without having a defined insertion point, should have > such calls ignored? Not exactly. What I implemented was that cases that would previously blow away the document instead ignore the write if an external script whose owner doc is the same doc as the one write is being called on is running. > If so, some questions: > > Why limit it to appendChild()'ed scripts, not parser-inserted ones? (e.g. async > scripts don't have a defined insertion point) I'm not suggesting limiting this to appendChild() scripts. I'm suggesting also ignoring writes on the owner doc from async and defer scripts. > Why limit it to external scripts? It was easy enough to limit it to external scripts and doing it for internal scripts didn't seem essential in order to avoid user-perceived breakage given the existing content I've seen, so I erred on the side if changing a smaller amount of behavior where scoping the behavior was reasonably simple. > Why limit it to when running <script> blocks? We could make all > document.write() calls on your own document get ignored. Two reasons: 1) It seemed unnecessary to have to be able to figure out from within the document.write() implementation if a calling event handler comes from the same doc. (I admit I wouldn't know right away how to do that in Gecko.) 2) It seemed semi-plausible to me that some site out there might actually depend on being able to blow away self from an onclick handler. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Wednesday, 25 August 2010 14:04:53 UTC