- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 4 Feb 2012 03:53:34 +0000 (UTC)
On Fri, 3 Feb 2012, Boris Zbarsky wrote: > On 2/3/12 3:38 PM, Ian Hickson wrote: > > > I also believe that we have proposed this for standardization in the > > > past, though it seems to have fallen through the cracks a bit... > > > > I couldn't find any mention of it in the WHATWG archives or Bugzilla, > > though I did find an e-mail from sicking saying he'd proposed it to > > the WHATWG list. :-( > > http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-August/027975.html > and then there were some followup mails with broken threading > bikeshedding the names looks like. Ah yes, that thread is here currently: http://www.whatwg.org/issues/#New-features--script-element Since the use cases were for new features (as opposed to addressing security vulnerabilities, which seem more important), I have been deferring it until I get through the bug reports. So it didn't fall through the cracks, it's still in a bucket. :-) (Since I've now done half of that thread's requests anyway, and since it's gotten implementations already now, I'll fasttrack it.) > > As noted in the previous e-mail, it's not clear that the > > content-blocker use cases are valid. The use case that is compelling > > for beforescriptexecute is regarding sites who are trying to address > > mixed content vulnerabilities progressively and need to closer control > > over external script execution. > > That's the use case I was talking about, but they'd want at least > control over stylesheets too, I'd think. Surely for the style sheets there's far less of a difficulty in getting things right? I don't really understand what vulnerability would be relevant here such that you'd need per-stylesheet control over what was being imported. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 3 February 2012 19:53:34 UTC