- From: Diego Perini <diego.perini@gmail.com>
- Date: Wed, 23 Feb 2011 14:13:46 +0100
On Wed, Feb 23, 2011 at 10:16 AM, Jorge <jorge at jorgechamorro.com> wrote: > On 23/02/2011, at 04:57, Boris Zbarsky wrote: >> On 2/22/11 10:42 PM, Glenn Maynard wrote: >>> Including execute() being synchronous, raising SyntaxError exceptions >>> for parse errors, and uncaught exceptions from the script being >>> propagated up through execute() to its caller? >> >> Hmm. ?That last one might take some work in Gecko, if it's even sanely possible, but the rest of it shouldn't be that bad. > > Wouldn't this : > > HTMLScriptElement.prototype.execute= function execute () { > ?// ... > ?return (1, eval)( this.innerText ); // global eval > } > > do it ? > Yes it would ! Unfortunately that requires access to script source content which is not available for external resources, even if same origin. We can execute scripts but never access their sources, isn't that a unnecessary restriction ? -- Diego > (only that it should be "privileged": able to bypass the usual s.o.p. restrictions wrt .innerText...) > -- > Jorge.
Received on Wednesday, 23 February 2011 05:13:46 UTC