- From: Mihai Sucan <mihai.sucan@gmail.com>
- Date: Fri, 12 Oct 2007 19:12:29 +0300
- To: public-html <public-html@w3.org>
Le Wed, 10 Oct 2007 21:59:59 +0300, Mihai Sucan <mihai.sucan@gmail.com> a écrit: > Hello! > > I have reviewed the section 6.2. "Server-sent DOM events" [1] from the > HTML 5 specification. Here are my comments. > > [...] > > That's about all, for now. I have an idea to add now. There should be a way to track down if server-sent events are sent from a remote source or not. I would say to require that UAs send all the events from remote sources with an additional property: remote, string, set to the event source URI/IRI. This might seem an irrelevant, use-less property. However, this allows authors to code Web applications which do not allow certain sensitive events from being triggered by, possibly, malicious remote event sources. This is just like the UA can tell if some events (like click) were generated synthetically by scripts, or they are the direct result of user interaction, for the purpose of allowing/disallowing popups. Synthetic triggering of any event must not be allowed to contain the 'remote' event property. (somewhat off-topic idea) Thinking along the same lines, it would be interesting to be able to tell synthetic events apart from events triggered by user interaction, such as clicks, just like UAs do. Should there be something like a boolean property, 'synthetic'? This would always be true for remote events, obviously. -- Mihai Sucan http://www.robodesign.ro
Received on Friday, 12 October 2007 16:12:42 UTC