- From: Diego Perini <diego.perini@gmail.com>
- Date: Wed, 23 Feb 2011 14:13:46 +0100
On Wed, Feb 23, 2011 at 10:16 AM, Jorge <jorge at jorgechamorro.com> wrote:
> On 23/02/2011, at 04:57, Boris Zbarsky wrote:
>> On 2/22/11 10:42 PM, Glenn Maynard wrote:
>>> Including execute() being synchronous, raising SyntaxError exceptions
>>> for parse errors, and uncaught exceptions from the script being
>>> propagated up through execute() to its caller?
>>
>> Hmm. ?That last one might take some work in Gecko, if it's even sanely possible, but the rest of it shouldn't be that bad.
>
> Wouldn't this :
>
> HTMLScriptElement.prototype.execute= function execute () {
> ?// ...
> ?return (1, eval)( this.innerText ); // global eval
> }
>
> do it ?
>
Yes it would !
Unfortunately that requires access to script source content which is
not available for external resources, even if same origin.
We can execute scripts but never access their sources, isn't that a
unnecessary restriction ?
--
Diego
> (only that it should be "privileged": able to bypass the usual s.o.p. restrictions wrt .innerText...)
> --
> Jorge.
Received on Wednesday, 23 February 2011 05:13:46 UTC