W3C home > Mailing lists > Public > public-html@w3.org > January 2012

Re: Should script execution be allowed in designMode documents?

From: Ojan Vafai <ojan@chromium.org>
Date: Thu, 5 Jan 2012 19:01:26 -0800
Message-ID: <CANMdWTvuO016-geQNgxT56zPhvnVfd8ySZ_zWdWNjiHf6FOQkw@mail.gmail.com>
To: Aryeh Gregor <Simetrical+w3c@gmail.com>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, HTML WG <public-html@w3.org>
Bit belated, but I'll put another vote for allowing script. If you don't
want script execution you can use a sandboxed iframe.

Back in my web development days, this aspect of Firefox caused us insane
pain because it also disallowed script execution inside iframes in
designMode documents. To use embed Google Gadgets inside of an editable
area, we had crazy hacks involving turning off designMode and then turning
it back on after the gadget had loaded. This was buggy to say the least.

Ojan

On Tue, Jul 5, 2011 at 8:47 AM, Aryeh Gregor <Simetrical+w3c@gmail.com>wrote:

> On Tue, Jul 5, 2011 at 11:28 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> > Not all scripts come from <script>. What about on* attributes, say?
> >
> > In any case, my post was just a description of why Gecko has the
> behavior it
> > does, since you couldn't imagine why anyone would ever want that
> behavior.
> >  Just helping the imagination along.  ;)
>
> Fair enough.
>
> > I didn't say we're not willing to change the behavior, just said _why_
> it is
> > the way it is right now.  Please stop the straw-man arguments.
>
> I didn't realize you were only explaining the existing behavior and
> not arguing for it.  My apologies if I was accidentally attacking a
> straw man.
>
>
Received on Friday, 6 January 2012 04:06:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:43 GMT