- From: Jordan Harband <notifications@github.com>
- Date: Fri, 17 Feb 2017 10:18:26 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 17 February 2017 18:19:22 UTC
I can extract an untainted `addEventListener` from an `iframe`, I can include in the documentation that it needs to be first-run, and often ad network code is ran - last - that I don't control. I don't think it's productive to try to make a claim that making code more robust is a fool's errand; whether it's part of the intentional security model of the web or not. Is there a reason that an opt-in mechanism (at the `addEventListener` callsite, like how `passive: true` works) wouldn't be a good middle ground, where you could get the functionality you want with zero risk of breaking existing axioms, and zero risk of developers having difficulty reasoning about their code? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/412#issuecomment-280726293
Received on Friday, 17 February 2017 18:19:22 UTC