- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 23 Feb 2011 09:17:49 -0500
On 2/23/11 4:16 AM, Jorge wrote:
> Wouldn't this :
>
> HTMLScriptElement.prototype.execute= function execute () {
> // ...
> return (1, eval)( this.innerText ); // global eval
> }
>
> do it ?
No. First of all, the script can be an external script, so innerText
doesn't do the right thing.
> (only that it should be "privileged": able to bypass the usual s.o.p. restrictions wrt .innerText...)
That's the thing. The privileged bit involves things that make it very
difficult to transport exceptions across it correctly, especially if the
caller of execute() is not in the same window as the script itself. At
least in Gecko.
-Boris
Received on Wednesday, 23 February 2011 06:17:49 UTC