W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] comment on a part of the script execution spec, regarding not fully active documents

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 22 Jun 2011 13:34:21 -0400
Message-ID: <4E02279D.9000905@mit.edu>
On 6/22/11 11:51 AM, Hallvord R. M. Steen wrote:
> Opera actually does a check earlier - there is an origin check if a
> script attempts to set location / location.href to a string that starts
> with javascript:.

That's fine, as long as there is _also_ a check right before the script 

> (This model is of course safe if the javascript: URL
> executes immediately.

Indeed, which is not the case in many UAs and not the case in the spec 
last I checked... unless that's changed?

> Well, I somewhat disagree with the "doesn't make much sense" claim here
> ;).

Throwing an exception from the async attempt to execute would do ... 
what exactly?

> It made sense to me to inform either the setting script

Which isn't on the stack anymore by the time the exception is thrown?

> or the script inside the javascript: URL itself

Which isn't getting run?

Received on Wednesday, 22 June 2011 10:34:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:34 UTC