- From: Scott J. Miles <notifications@github.com>
- Date: Mon, 04 Apr 2016 10:12:13 -0700
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Message-ID: <w3c/webcomponents/issues/477/205398463@github.com>
Unless I am mistaken, `currentScript` only identifies a `<script>` node while the script in the node itself is still executing (what's the proper terminology here?). IOW, if you define an event listener function inside of a `<script>` node, any `currentScript` value available in the function will reflect only the caller's context (if any) and not the `<script>` containing the function. IOW, ``` identify = function() { var cs = document.currentScript; console.log(cs ? 'currentScript exists' : 'NULL currentScript'); } // logs: currentScript exists identify(); // logs: NULL currentScript window.onload = identify; ``` Sorry if I missed a nuance, but in order to leak `currentScript` you already have to trap that value when defining functions (for export or events). IMO, the upshot is that the leakage risk is low and I would be reluctant to change the behavior of `currentScript` from the traditional policy. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/477#issuecomment-205398463
Received on Monday, 4 April 2016 17:12:43 UTC