W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Proposal: Write-only submittable form-associated controls.

From: Mike West <mkwst@google.com>
Date: Wed, 15 Oct 2014 16:27:47 +0200
Message-ID: <CAKXHy=cR6SzjmQPM4bNzfsNrMk+xcS7nQZoZxU1P1tMtEzwKxA@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: whatwg@lists.whatwg.org
Yes. Two things about service workers:

1. If you can spin up a service worker, the site is already very much in
trouble.

2. I have handwavey ideas about ensuring that the FormData object which
would be readable via the Request object in the service worker would retain
the opaque flag. The spec strawman hints at that, but I haven't done the
work to find all the places to monkey-patch.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Oct 15, 2014 at 4:25 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 10/15/14, 10:15 AM, Mike West wrote:
>
>> `FormData` objects created from forms including these writeonly elements
>> would be "opaque". You could use them to submit an XHR request, but you
>> couldn't read the values directly from script.
>>
>
> If you're at the point where you can run script on the page, can't you
> spin up a service worker that would capture the data in that XHR?
>
> -Boris
>
Received on Wednesday, 15 October 2014 14:28:36 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC