On Mon, 29 May 2006 13:13:30 +0700, Andrew Fedoniouk <[EMAIL PROTECTED]> wrote:
>> The only useful result of a side effects free script is its return value.
>> That is, in fact, the very purpose for which CSS expression() exists. It's
>> MEANT to be side effects free, but is systematically abused.
- Original Message -
From: "Alexey Feldgendler" <[EMAIL PROTECTED]>
Subject: Re: [whatwg] Side effects free scripts
On Mon, 29 May 2006 08:31:06 +0700, Andrew Fedoniouk
<[EMAIL PROTECTED]> wrote:
Ok, here you make it clear that with side effects you only mean visible
side effects?
On Mon, 29 May 2006 08:31:06 +0700, Andrew Fedoniouk <[EMAIL PROTECTED]> wrote:
>>> Ok, here you make it clear that with side effects you only mean visible
>>> side effects?
>> No, all side effects in the mathematical sense. The script is not allowed
>> to alter the state of the world in any way.
- Original Message -
From: "Alexey Feldgendler" <[EMAIL PROTECTED]>
On Sun, 28 May 2006 17:05:45 +0700, Sjoerd Visscher <[EMAIL PROTECTED]>
wrote:
When a script thread is in side effect free mode:
1. It stays in this mode until the thread completes.
2. It can call any non-native
On Sun, 28 May 2006 17:05:45 +0700, Sjoerd Visscher <[EMAIL PROTECTED]>
wrote:
When a script thread is in side effect free mode:
1. It stays in this mode until the thread completes.
2. It can call any non-native function, but the same restrictions
apply.
3. It cannot assign any variables
Alexey Feldgendler wrote:
I propose to define the notion of "side effect free script". All
browsers which allow scripts in declarations like CSS should only allow
side effect free scripts in such places.
I think this is a very good idea. I hope it can be achieved.
When a script thread is in
On May 28, 2006, at 12:38, Vladimir Vukicevic wrote:
Now, to be fair, I don't really care either way,
just looking for consistency... should using fillRect/strokeRect be
defined as convenience functions doing the same job as creating a
rectangular path and calling fill/stroke?
What do underlyi
On Sun, 28 May 2006 03:31:56 +0700, Mihai Sucan <[EMAIL PROTECTED]>
wrote:
Sandboxes would, of course, deal with this, but there is a much simpler
measure targeted specifically at such exploits.
Yes, sandboxes are somehow overkill, like "did the web reach this level
already?". That's some
Doesn't a zero-width (or zero-height, as long as it's only one)
degenerate into a vertical (horizontal) line when stroked, due to the
line width? A filled rectangle doesn't, because the area to fill is
defined exactly by the rectangular path (which has 0 thickness),
whereas a stroked path takes t
