ggaren at apple.com
Tue Mar 19 14:50:35 PDT 2013
> Adam also cited the Chromium WebKit allowScriptFromSource/didNotAllowScript API.
> From looking at how it hooks into WebCore, it appears to require the decision to execute a script to be dynamic, even when scripting is generally disabled.
> We implement a rule system (called content settings) where script execution (but also e.g. cookies) can be controlled depending on the security origin of the frame, and the security origin of the main frame. This allows for allow scripts from the main frame's security origin to run, while third-party scripts are blocked.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev