On Tue, Feb 8, 2011 at 10:27 PM, Charles Pritchard <chuck@jumis.com> wrote: > > - It's a major break from the normal event model. Merely defining an > event shouldn't cause side-effects. > > This proposal seems to say that mouse capture is enabled by adding an event > handler to an element. I don't like this: > window.open is another item that only fires during an event handle. I'm > sure full screen is on that grounds. > Drag+drop does that. [input type=file] is another. > Sorry, that's not what I meant. It's OK--if less than ideal--for functionality to *only be available* during certain events. What I meant was that this proposal seems to cause mouse capture to happen as a side-effect of the event handler being set at all. Adding the "mousecapture" event causes clicking the element to capture. That's what I don't like in particular. User initiated events are part of the security model; and the current issues > with mouse capture are about security. > I typed this before but elided it since my mail got too long: window.open is an example of why restricting these things to clicks doesn't work very well. Browsers tried to prevent unwanted popups by only allowing them during clicks, and now instead of popups opening when you load a page, they open the first time you click anywhere in the window. That said, it would still help prevent non-malicious but misbehaving scripts from accidentally taking over the browser, which can happen anywhere, even on "trusted" sites. However, that's just one possible way of dealing with that problem, and browsers should be able to look for less restrictive solutions (which is what I had in mind when I referred to how operating systems deal with this). -- Glenn Maynard
Received on Wednesday, 9 February 2011 04:03:56 UTC