- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 24 Apr 2012 17:13:02 -0400
- To: Tobie Langel <tobie@fb.com>
- CC: "public-webapps@w3.org" <public-webapps@w3.org>
On 4/24/12 5:08 PM, Tobie Langel wrote: > On 4/24/12 11:04 PM, "Boris Zbarsky"<bzbarsky@MIT.EDU> wrote: > >> On 4/24/12 5:02 PM, Boris Zbarsky wrote: >>> Oh, and that's before we get into default actions implemented by >>> extensions. >> >> And one more thing: extensions _definitely_ want to know whether events >> are trusted or not. This doesn't necessitate a web-exposed API, >> obviously; the property could only be visible in extension code. But it >> does necessitate the internal flag. > > So is it exposed to web content to fulfill particular use-cases? Gecko initially exposed it because it was easier to do so than to only expose it to extensions but hide it from web content, I believe (or more precisely the latter was not really possible in Gecko at the time; it would be quite possible now). I wasn't involved in the discussion about exposing it in the spec, so no idea what the precise reasons there were. Web content _can_ have the same use cases as browser extensions, but Glenn's point about web content having to trust other stuff in the same frame is of course true. At least until we start having some web content with elevated privileges (see e.g. the direction Boot2Gecko is going in) which will require something like this exposed again. -Boris
Received on Tuesday, 24 April 2012 21:13:32 UTC