- From: Victor Csiky <notifications@github.com>
- Date: Wed, 24 Apr 2019 14:03:46 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 24 April 2019 21:04:10 UTC
> you don't want that object to allow any object with read access to it to be able to call you with untrusted arguments and when no event was fired. If you can get access to the function that listens to an event, you can do just that. I am sorry? I am fairly sure that at the very moment, you _can_ trigger anyone's event handlers with "untrusted arguments"; and even in the obscure quagmire about makeshift security above, nobody seemed to mention that this would make that possible. In fact, I just argued against the practice of "triggering" random event handlers (mostly for the sake of perceived simplicity - as in "less work"), e.g. an "onclick" when no actual click happened. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/412#issuecomment-486425165
Received on Wednesday, 24 April 2019 21:04:10 UTC