W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2009

[whatwg] Application defined "locks"

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 10 Sep 2009 17:01:47 +1200
Message-ID: <11e306600909092201j2841ce2bt7369898cf1283dc3@mail.gmail.com>
On Thu, Sep 10, 2009 at 4:57 PM, Darin Fisher <darin at chromium.org> wrote:

> On Wed, Sep 9, 2009 at 9:43 PM, Robert O'Callahan <robert at ocallahan.org>wrote:
>
>> On Thu, Sep 10, 2009 at 4:37 PM, Darin Fisher <darin at chromium.org> wrote:
>>
>>>  Imagine if you script a plugin inside the transaction, and before
>>> returning, the plugin scripts another window,
>>>
>>
>> I'm curious, how common is that anyway? Can we just tell plugins not to do
>> that, and abort any plugin that tries?
>>
>>
> I don't know.  Are you saying that a plugin should not be able to invoke a
> function that may trigger showModalDialog?  The code that calls
> showModalDialog may be far removed / unrelated to the plugin script.  It may
> just be an unfortunate side effect of invoking a method on a DOM window.
>
>
No, I'm saying when a script in window A calls into a plugin, the plugin
should not be allowed to synchronously call back out to script in window B.
I realize that is currently "allowed" (i.e. not forbidden by anything in
NPAPI), but do plugins actually do it in practice?

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090910/5799e09e/attachment.htm>
Received on Wednesday, 9 September 2009 22:01:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:52 UTC