Re: [DOM3 Events/DOM4] re-dispatching trusted events with initEvent

On 4/24/12 5:08 PM, Tobie Langel wrote:
> On 4/24/12 11:04 PM, "Boris Zbarsky"<bzbarsky@MIT.EDU>  wrote:
>
>> On 4/24/12 5:02 PM, Boris Zbarsky wrote:
>>> Oh, and that's before we get into default actions implemented by
>>> extensions.
>>
>> And one more thing: extensions _definitely_ want to know whether events
>> are trusted or not.  This doesn't necessitate a web-exposed API,
>> obviously; the property could only be visible in extension code.  But it
>> does necessitate the internal flag.
>
> So is it exposed to web content to fulfill particular use-cases?

Gecko initially exposed it because it was easier to do so than to only 
expose it to extensions but hide it from web content, I believe (or more 
precisely the latter was not really possible in Gecko at the time; it 
would be quite possible now).

I wasn't involved in the discussion about exposing it in the spec, so no 
idea what the precise reasons there were.

Web content _can_ have the same use cases as browser extensions, but 
Glenn's point about web content having to trust other stuff in the same 
frame is of course true.

At least until we start having some web content with elevated privileges 
(see e.g. the direction Boot2Gecko is going in) which will require 
something like this exposed again.

-Boris

Received on Tuesday, 24 April 2012 21:13:32 UTC