W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

RE: [DOM3 Events/DOM4] re-dispatching trusted events with initEvent

From: Travis Leithead <travis.leithead@microsoft.com>
Date: Tue, 24 Apr 2012 19:54:55 +0000
To: Glenn Maynard <glenn@zewt.org>, "olli@pettay.fi" <olli@pettay.fi>
CC: "public-webapps@w3c.org" <public-webapps@w3c.org>, "Anne van Kesteren (annevk@opera.com)" <annevk@opera.com>, Jacob Rossi <Jacob.Rossi@microsoft.com>
Message-ID: <9768D477C67135458BF978A45BCF9B383830A4C8@TK5EX14MBXW602.wingroup.windeploy.ntdev.microsoft.com>
Glenn, isTrusted is the indicator that helps the web developer distinguish between an event fired by the UA, or one fired by JavaScript (e.g., dispatchEvent).

From: Glenn Maynard [mailto:glenn@zewt.org]
Sent: Tuesday, April 24, 2012 12:38 PM
To: olli@pettay.fi
Cc: Travis Leithead; public-webapps@w3c.org; Anne van Kesteren (annevk@opera.com); Jacob Rossi
Subject: Re: [DOM3 Events/DOM4] re-dispatching trusted events with initEvent

On Tue, Apr 24, 2012 at 2:23 PM, Olli Pettay <Olli.Pettay@helsinki.fi<mailto:Olli.Pettay@helsinki.fi>> wrote:
Yes. It should be possible to re-dispatch events. But if a script
running on a web page dispatches event, the event must become
untrusted.

What's the point of isTrusted, anyway?  You have to trust other scripts running in the same page anyway.  Does it come into play with cross-origin iframes or something?

--
Glenn Maynard
Received on Tuesday, 24 April 2012 19:56:24 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:51 GMT