W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Should events be paused on detached iframes?

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 14 Jun 2011 00:09:54 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1106132358030.19153@ps20323.dreamhostps.com>
On Fri, 4 Mar 2011, Boris Zbarsky wrote:
> On 3/4/11 7:08 PM, Ian Hickson wrote:
> > Could you elaborate on the security reasons?
> The primary one is that there there are Gecko-internal security settings 
> that are supposed to apply to "this browsing context and all descendant 
> browsing contexts".
> Right now this is handled by traversing a parent chain that has to be 
> broken when the node is removed from the document.  To avoid giving the 
> node's contentWindow permissions it shouldn't have, we then make sure 
> script can't run in it, by the simple expedient of tearing down the 
> browsing context...
> It's possible to switch these relevant checks to walk the ownerDocument 
> chain instead, say.  Then we need to audit all the callsites to make 
> sure this makes sense at them and figure out what to do for the ones 
> where it doesn't.  (For example, should window.alert on the window of an 
> iframe not in the DOM put up a dialog in a tab based on the 
> ownerDocument of the iframe?  Or not put one up at all?)

It should put it up in the context of the top-level browsing context of 
the script that led to that point (the "first script"). This is the same 
as if someone in one tab calls another tab's script and that script calls 

Note that only direct script invokations would work here. setTimeout, 
events, XHR callbacks, etc, don't run while the document is not active. (I 
had previously set that dispatchEvent() would work, but this is incorrect 
per the spec at the moment. My apologies.)

> There are quite a few APIs that need to be thus audited if this 
> invariant is changed.

Are there any I should look for off-hand?

> > It certainly seems like there are some valid use cases for moving 
> > frames around from document to document.
> There are, yes.  There are also lots of edge cases that are otherwise 
> impossible that are introduced by allowing it; I'm a little curious as 
> to how compatible with each other the IE8 and Chrome implementations 
> are.

I agree that this is an area that might well be minimally interoperable at 
the moment. That, of course, is the main reason to specify it. :-)

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 13 June 2011 17:09:54 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:33 UTC