abarth at webkit.org
Wed Nov 25 12:34:24 PST 2009
On Wed, Nov 25, 2009 at 12:30 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> On Nov 25, 2009, at 6:05 AM, Adam Barth wrote:
> > Maybe we should have a DOM API called
> > webkitJailChildren("no-script-for-you") on Node that prevents future
> > children from running script. Making it a DOM API prevents authors
> > from trying to turn the feature on with markup.
> Interesting idea. This seems potentially trickier to implement than just
> innerStaticHTML, since nearly every method that mutates the DOM will have to
> check jail status. innerStaticHTML could be limited in scope to only
> operations that happen as part of parsing.
Instead of checking every DOM mutation, we could just walk the parent
pointers before executing a script to see if an ancestor is jailed.
More information about the webkit-dev