Le 06/10/2012 19:52, Allen Wirfs-Brock a écrit : > (...) > > Either of these use cases seem like something that should be easily > accomplished, if you are defining the module loaders that set up the > frames and control module loading into the frames. True. That may be a good idea to think about it from this angle, I totally agree.
> However, if you simply use HTML iframes then you are presumably using > an implementation provided module loader that implements the > cross-frame sharing rules defined by the html spec. Can the first > approach be accomplished today using iframes? I guess not. There were some flaws in how HTML handles scripts, namely (among others) unconditional execution of inline scripts and unconditional execution of scripts whichever there source is. Both could lead to XSS as we know. Since the flaws couldn't be fixed at the content level, they've been fixed at a lower-level (CSP). It might be where to find the solution. Assuming every set of frame is a tree, maybe an HTML attribute could define a script source which defines a module loader for how modules are being imported in the iframe? David _______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
