On 4/24/12 5:08 PM, Tobie Langel wrote:
On 4/24/12 11:04 PM, "Boris Zbarsky"<bzbar...@mit.edu> wrote:
On 4/24/12 5:02 PM, Boris Zbarsky wrote:
Oh, and that's before we get into default actions implemented by
extensions.
And one more thing: extensions _definitely_ want to know whether events
are trusted or not. This doesn't necessitate a web-exposed API,
obviously; the property could only be visible in extension code. But it
does necessitate the internal flag.
So is it exposed to web content to fulfill particular use-cases?
Gecko initially exposed it because it was easier to do so than to only
expose it to extensions but hide it from web content, I believe (or more
precisely the latter was not really possible in Gecko at the time; it
would be quite possible now).
I wasn't involved in the discussion about exposing it in the spec, so no
idea what the precise reasons there were.
Web content _can_ have the same use cases as browser extensions, but
Glenn's point about web content having to trust other stuff in the same
frame is of course true.
At least until we start having some web content with elevated privileges
(see e.g. the direction Boot2Gecko is going in) which will require
something like this exposed again.
-Boris
