[Webkit-unassigned] [Bug 193439] [GTK][WPE] Add enable-javascript-markup setting

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 25 01:26:24 PST 2019


--- Comment #11 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to Michael Catanzaro from comment #10)
> (In reply to Carlos Garcia Campos from comment #9)
> > I think this is pretty clear too... JavaScript execution is not disallowed
> > at all, the script elements and attributes are removed from the document,
> > that's the only thing.
> Are there other ways to execute JavaScript, aside from script elements,
> script attributes, and API requests? I guess not?
> > > This looked like something we could change on a cross-platform basis. So
> > > then maybe this new setting is not needed after all, if it, in practice,
> > > just blocks all JS except API requests?
> > 
> > That's a good question, I'm adding Geoffrey to the CC, since he suggested to
> > use this setting instead of enable-js.
> Basically I think we should fix bug #192753 one way or the other *first* and
> only *then* decide whether to add this setting. Because as I understand this
> setting, our solution to that bug might obviate the need for this setting.

This is not so easy in the end. Maybe run_js should be allowed when js is disabled in settings, but FrameLoader doesn't dispatch didClearWindowObjectInWorld() when scripts are not allowed, so we can't inject our internal js api in the web process. There are more places where canExecuteScripts() is checked. I think it's by far a lot easier to explain and understand that script elements and attributes are removed from the document while parsing.
