W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Proposal for separating script downloads and execution

From: Diego Perini <diego.perini@gmail.com>
Date: Wed, 23 Feb 2011 14:13:46 +0100
Message-ID: <AANLkTi=ohmWwz_gio8KZ=+gvJi2Q-OK-ybVSVVTeAi_r@mail.gmail.com>
On Wed, Feb 23, 2011 at 10:16 AM, Jorge <jorge at jorgechamorro.com> wrote:
> On 23/02/2011, at 04:57, Boris Zbarsky wrote:
>> On 2/22/11 10:42 PM, Glenn Maynard wrote:
>>> Including execute() being synchronous, raising SyntaxError exceptions
>>> for parse errors, and uncaught exceptions from the script being
>>> propagated up through execute() to its caller?
>>
>> Hmm. ?That last one might take some work in Gecko, if it's even sanely possible, but the rest of it shouldn't be that bad.
>
> Wouldn't this :
>
> HTMLScriptElement.prototype.execute= function execute () {
> ?// ...
> ?return (1, eval)( this.innerText ); // global eval
> }
>
> do it ?
>

Yes it would !

Unfortunately that requires access to script source content which is
not available for external resources, even if same origin.

We can execute scripts but never access their sources, isn't that a
unnecessary restriction ?

--
Diego

> (only that it should be "privileged": able to bypass the usual s.o.p. restrictions wrt .innerText...)
> --
> Jorge.
Received on Wednesday, 23 February 2011 05:13:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:31 UTC