- From: David Lin-Shung Huang <linshung.huang@sv.cmu.edu>
- Date: Tue, 15 Oct 2013 13:46:37 -0700
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Tuesday, 15 October 2013 20:47:07 UTC
On Mon, Oct 14, 2013 at 4:14 PM, Brad Hill <hillbrad@gmail.com> wrote:

> Issue 52 was raised by Adam Barth at the last F2F. The nutshell
> description we recorded was:
>
> "requiring every handler to check unsafe makes it difficult to write the
> correct code. better would be to be able to provide a wrapper function that
> filters or intercepts all unsafe events so they can be acted on wherever
> they are generated."
>
> I am curious if and what spec text changes this implies.
>
> It is my understanding that a resource author that wished to handle events
> in this way could register a capturing handler on the root node of the
> document to stop propagation of any event with the unsafe flag set and
> forward them to a global function to deal with the violation. (
> http://www.w3.org/TR/DOM-Level-2-Events/events.html) Is that a correct
> interpretation? Should we add advice to resource implementers to this
> effect?
>

What you described should work, and supplying advice in the spec sounds fine with me. (One note is that there are browsers that only do event bubbling rather than event capturing, but those browsers are not W3C-compliant to begin with. http://www.quirksmode.org/js/events_order.html)

> -Brad
>
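The root-node capturing handler discussed in this message, as an added example that is not part of the original thread or of any spec text. It assumes the flag is readable as a boolean `unsafe` property on the event object; `installUnsafeInterceptor`, `DEFAULT_TYPES` and `demo` are hypothetical names, and the events in `demo` are constructed.

```javascript
// Assumption: the UI-safety flag is exposed as a boolean `unsafe` property.
// The list of event types to guard is also an assumption; adjust per page.
const DEFAULT_TYPES = ["click", "mousedown", "mouseup", "keydown", "keyup", "touchstart"];

// Registers one capturing listener per event type on `root` (the document in
// a browser). Install it before any other script adds handlers so that it
// runs first. Returns a function that removes the listeners again.
function installUnsafeInterceptor(root, onViolation, types = DEFAULT_TYPES) {
  const options = { capture: true };

  function intercept(event) {
    if (event.unsafe !== true) return; // safe events continue untouched

    // Stop first, report second: if the reporting callback throws, the
    // event has already been kept away from every per-element handler.
    // stopImmediatePropagation() sets the stop-propagation flag and also
    // skips listeners added to `root` after this one.
    event.stopImmediatePropagation();
    onViolation({ type: event.type, target: event.target, timeStamp: event.timeStamp });
  }

  for (const type of types) root.addEventListener(type, intercept, options);

  return function uninstall() {
    for (const type of types) root.removeEventListener(type, intercept, options);
  };
}

// Constructed demonstration: one safe and one flagged click on the same root.
// Only the safe one reaches the ordinary handler; the flagged one is routed
// to the single violation callback instead.
function demo() {
  const root = new EventTarget();
  const handled = [];
  const violations = [];

  installUnsafeInterceptor(root, (v) => violations.push(v.type));
  root.addEventListener("click", (e) => handled.push(e.type)); // no unsafe check needed here

  const safeClick = new Event("click");
  const flaggedClick = new Event("click");
  flaggedClick.unsafe = true; // constructed stand-in for the user agent setting the flag

  root.dispatchEvent(safeClick);
  root.dispatchEvent(flaggedClick);
  return { handled, violations };
}
```

In a page this would be called as `installUnsafeInterceptor(document, reportViolation)` from the first script that runs. As the message notes, it relies on the user agent implementing the capture phase.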