- From: Brad Hill <hillbrad@gmail.com>
- Date: Mon, 14 Oct 2013 16:14:02 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 14 October 2013 23:14:31 UTC
Issue 52 was raised by Adam Barth at the last F2F. The nutshell description we recorded was: "requiring every handler to check unsafe makes it difficult to write the correct code. better would be to be able to provide a wrapper function that filters or intercepts all unsafe events so they can be acted on wherever they are generated." I am curious if and what spec text changes this implies. It is my understanding that a resource author that wished to handle events in this way could register a capturing handler on the root node of the document to stop propagation of any event with the unsafe flag set and forward them to a global function to deal with the violation. ( http://www.w3.org/TR/DOM-Level-2-Events/events.html) Is that a correct interpretation? Should we add advice to resource implementers to this effect? -Brad
Received on Monday, 14 October 2013 23:14:31 UTC