- From: Scott J. Miles <notifications@github.com>
- Date: Mon, 04 Apr 2016 10:12:13 -0700
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Message-ID: <w3c/webcomponents/issues/477/205398463@github.com>
Unless I am mistaken, `currentScript` only identifies a `<script>` node while the script in the node itself is still executing (what's the proper terminology here?). IOW, if you define an event listener function inside of a `<script>` node, any `currentScript` value available in the function will reflect only the caller's context (if any) and not the `<script>` containing the function.
IOW,
```
identify = function() {
var cs = document.currentScript;
console.log(cs ? 'currentScript exists' : 'NULL currentScript');
}
// logs: currentScript exists
identify();
// logs: NULL currentScript
window.onload = identify;
```
Sorry if I missed a nuance, but in order to leak `currentScript` you already have to trap that value when defining functions (for export or events).
IMO, the upshot is that the leakage risk is low and I would be reluctant to change the behavior of `currentScript` from the traditional policy.
---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/477#issuecomment-205398463
Received on Monday, 4 April 2016 17:12:43 UTC