- From: James Browning <notifications@github.com>
- Date: Mon, 20 Sep 2021 16:58:03 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/dom/issues/1016/923444724@github.com>
> #863 considered `isTrusted` a legacy feature, but yeah, I think there is some value in it for cases like this. I think the correct approach here would be to add a feature that event listeners can filter for this, not to forbid `dispatchEvent()`. The latter seems too drastic and quite a departure from the existing model, whereas the former fits in quite naturally.
Yeah thinking about I think it would be simpler for it just to be an option, maybe something like `eventTarget.addEventListener("some-event", listener, { trustedOnly: true })`.
Something I'm torn on is whether or not event targets should allow configuring the default value of this option for certain events, in particular because the naive usage of `abortSignal.addEventListner("abort", memoryLeakingListener)`. I feel like the majority of people would appreciate having the naive version automatically clean up the listener after abort happens, people who want non-trusted events on `AbortSignal` could just pass `{ trustedOnly: false }` explictly.
> As for `new EventTarget()`, perhaps https://blog.domenic.me/the-revealing-constructor-pattern/ would be a way to expose a `dispatchEvent()` that can dispatch trusted `Event` instances. Although really you want the `Event` instance itself to be created or blessed in such a way (so `ev.isTrusted` is correct at all times), so this might need some more thought.
Yeah, the tricky thing here is that events can be subclassed so even if there was something like:
```js
const target = new EventTarget({
start(controller) {
controller.dispatchTrustedEvent({ name: "some-event" });
},
});
```
there would no way to create instances of arbitrary classes. Now we could certainly have something like:
```js
class MyEvent {
constructor() {
super("my-event");
}
myEventMethod() {
// Frobulate the foobar
}
}
const target = new EventTarget({
start(controller) {
const event = new MyEvent();
controller.markTrusted(event);
controller.dispatchEvent(event);
},
});
```
however this would beg some questions, like what would happen if we dispatched the event on a *different* event listener? Throw an error? clear the trusted mark? Only allow dispatchEvent on the same controller to be used?
I feel like whoever is creating the events won't really care that `.isTrusted` would be initially false but set to true during dispatch simply because in the majority of cases the event is created immediately before dispatch anyway. Even if they are going to something with the event object before dispatching (calling methods or whatever), it can just be assumed that such actions are trusted as whoever called the constructor has full control of the event object anyway.
The userland part of the idea still clearly needs more thought, so I don't know if it would be worth specifying `{ trustedOnly }` by itself to allow `abortSignal` (and probably some other specs eventually) to use this, and revisit userland trusted events as a follow-on proposal.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/1016#issuecomment-923444724
Received on Monday, 20 September 2021 23:58:16 UTC