- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 8 Feb 2012 22:38:33 +0000 (UTC)
On Wed, 8 Feb 2012, Boris Zbarsky wrote: > On 2/8/12 3:50 PM, Ian Hickson wrote: > > "Should events be paused on detached iframes"? Or another question? > > (Sorry, I've lost the context here.) > > The thread is discontinuous in the archives (why?) Mailman archives suck. I found the thread in a more usable form here: http://old.nabble.com/Should-events-be-paused-on-detached-iframes--to29526129.html#a29526129 > but I think the relevant part was: > > It's possible to switch these relevant checks to walk the > ownerDocument chain instead, say. Then we need to audit all the > callsites to make sure this makes sense at them and figure out what > to do for the ones where it doesn't. (For example, should > window.alert on the window of an iframe not in the DOM put up a > dialog in a tab based on the ownerDocument of the iframe? Or not put > one up at all?) There are quite a few APIs that need to be thus > audited if this invariant is changed. My overall response is still the same: I'm happy to consider specific cases. As far as I'm aware, the spec doesn't have any privilege escalation bugs of this nature. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 8 February 2012 14:38:33 UTC