RE: [DOM3 Events/DOM4] re-dispatching trusted events with initEvent from Travis Leithead on 2012-04-24 (public-webapps@w3.org from April to June 2012)

From: Travis Leithead <travis.leithead@microsoft.com>
Date: Tue, 24 Apr 2012 19:54:55 +0000
To: Glenn Maynard <glenn@zewt.org>, "olli@pettay.fi" <olli@pettay.fi>
CC: "public-webapps@w3c.org" <public-webapps@w3c.org>, "Anne van Kesteren (annevk@opera.com)" <annevk@opera.com>, Jacob Rossi <Jacob.Rossi@microsoft.com>
Message-ID: <9768D477C67135458BF978A45BCF9B383830A4C8@TK5EX14MBXW602.wingroup.windeploy.ntde>

Glenn, isTrusted is the indicator that helps the web developer distinguish between an event fired by the UA, or one fired by JavaScript (e.g., dispatchEvent).

From: Glenn Maynard [mailto:glenn@zewt.org]
Sent: Tuesday, April 24, 2012 12:38 PM
To: olli@pettay.fi
Cc: Travis Leithead; public-webapps@w3c.org; Anne van Kesteren (annevk@opera.com); Jacob Rossi
Subject: Re: [DOM3 Events/DOM4] re-dispatching trusted events with initEvent

On Tue, Apr 24, 2012 at 2:23 PM, Olli Pettay <Olli.Pettay@helsinki.fi<mailto:Olli.Pettay@helsinki.fi>> wrote:
Yes. It should be possible to re-dispatch events. But if a script
running on a web page dispatches event, the event must become
untrusted.

What's the point of isTrusted, anyway?  You have to trust other scripts running in the same page anyway.  Does it come into play with cross-origin iframes or something?

--
Glenn Maynard

Received on Tuesday, 24 April 2012 19:56:24 UTC