the shortest possible string for document.domain is.
3) Set cookies for all servers in a domain easily from JS without specific
string operations on the hostname
Thoughts?
--
Hallvord R. M. Steen
Core tester, Opera Software
On Thu, 08 Sep 2011 22:57:25 +0200, Ian Hickson i...@hixie.ch wrote:
On Thu, 8 Sep 2011, Hallvord R. M. Steen wrote:
in our experience firing both load and readystatechange
events on SCRIPT will be painful. I suggest removing the latter again.
Interesting. We added it for compatibility
Siterer Ian Hickson i...@hixie.ch:
Note that I recently checked in some changes to script to expose a
readyState IDL attribute and to fire 'readystatechange' events, based on
what IE has implemented here.
Hi Ian,
as far as I know Opera is currently the only browser that supports
both
R. M. Steen, Core Tester, Opera Software
http://www.opera.com http://my.opera.com/hallvors/
On Tue, 21 Jun 2011 23:42:32 +0900, Boris Zbarsky bzbar...@mit.edu wrote:
On 6/21/11 5:21 AM, Hallvord R. M. Steen wrote:
Another issue I noticed is in the text under the heading the
javascript: URL scheme - specifically the last otherwise part of the
text. This is about trying to navigate
.
--
Hallvord R. M. Steen
report on Opera's implementation here -
if there are compat issues we haven't found them yet..
--
Hallvord R. M. Steen
it is developed a
bit further, for now thanks for any light anybody can shed on these
questions.
--
Hallvord R. M. Steen
cut/copy/paste event? Why is it useful to have both? Are you
aware of legacy content that requires before* events?
I will probably share the draft spec and tests when it is developed a
bit further, for now thanks for any light anybody can shed on these
questions.
--
Hallvord R. M. Steen
'/'.
--
Hallvord R. M. Steen
I wouldn't even issue an advisory for it.
Fine, we will change it on our side, and I commented on the spec:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=10211
--
Hallvord R. M. Steen
is that if you fix this quickly we could avoid usage
spreading even more on the web. However, we have a patch ready to go
to align Opera's implementation with yours, in case you want to keep
it and get Ian to change the spec.
--
Hallvord R. M. Steen
://bugzilla.mozilla.org/show_bug.cgi?id=578380
--
Hallvord R. M. Steen
to fix it to align with the spec?
Hallvord
--
Hallvord R. M. Steen
no matter what the actual
markup looked like. So we had to implement a somewhat magic firstChild
on documentElement and I expect other browsers had to too (as your
testing seems to confirm, more or less). Which reminds me, this
peculiarity should possibly be documented in HTML5 :-) .
--
Hallvord R. M
magic than I remembered - it only skips text nodes, not
comments.. And perhaps what happens is that the text node is put
inside body instead? I'd have to do some more testing to tell what
browsers actually do..
--
Hallvord R. M. Steen
in order to place it on the clipboard question with
vCard microformat.
--
Hallvord R. M. Steen
Facebook groups trying to get it working there.
--
Hallvord R. M. Steen
the
information in a site-specific way and make it available to the UA as
HTML-embedded meta data..
--
Hallvord R. M. Steen
up or archiving a message they want to keep).
--
Hallvord R. M. Steen
can/should do if possible is to make
transparent IFRAMEs transparent to events - basically un-focusable.
--
Hallvord R. M. Steen
and hope a UI genius proves me wrong. :)
--
Hallvord R. M. Steen
){
if(e.data=='Hi'){
e.reply('Hello');
}
}, false )
--
Hallvord R. M. Steen
On 07/02/2008, Thomas Broyer [EMAIL PROTECTED] wrote:
On Feb 7, 2008 10:24 AM, Hallvord R M Steen wrote:
Adam Barth and Collin Jackson pointed out to me that while
investigating frame navigation policies they found that a recipient of
a postMessage in Opera can set event.source.location
. The browser's frame navigation policy
determines whether this navigation is permitted.
Exactly.
--
Hallvord R. M. Steen
://untrusted.example.org'
w.postMessage( '...' );
Untrusted content now gets a window reference it would not otherwise
have, and will be allowed to set location if this scripts runs in the
top context of the opener.
--
Hallvord R. M. Steen
.
--
Hallvord R. M. Steen
to ensure
backwards compatibility - ASP.NET form validation is going to cause us
serious problems otherwise.
--
Hallvord R. M. Steen
to the event's target's
.offsetParent (important, and the offsetParent stuff isn't covered in
the current spec )
* it keeps pointing to the same element until another interaction with
the document sets it again (important)
--
Hallvord R. M. Steen
, and some implementations only defer it until seeing the
next SCRIPT element in the source. Relying on it the way your use case
does will work in very few browsers, and specifying this in HTML5
would increase backwards incompatibility for a very minimal gain.
--
Hallvord R. M. Steen
property. For example, one could extend the features
argument of window.open:
window.open(url, name, 'openerproperty=0');
Thoughts?
References:
http://my.opera.com/hallvors/blog/2007/03/14/window-opener-and-security-an-unfixable-problem
--
Hallvord R. M. Steen
to window.history was detected. I don't know if it ever got
implemented, or even if any of the other browser vendors addressed it.
On 20 Mar 2007, at 11:40, Hallvord R M Steen wrote:
Hi,
when a new window or tab is opened by a page it normally has a
window.opener property that points to the window object
might be far-fetched but certainly will exist somewhere if
browsers haven't thrown exceptions so far.
Now if you have time I'd like some comments on the proposal
window.open(url,name, 'openerproperty=0');
;)
On 20 Mar 2007, at 13:00, Hallvord R M Steen wrote:
On 20/03/07, Gareth Hay [EMAIL
On 20/03/07, timeless [EMAIL PROTECTED] wrote:
On 3/20/07, Hallvord R M Steen [EMAIL PROTECTED] wrote:
http://my.opera.com/hallvors/blog/2007/03/14/window-opener-and-security-an-unfixable-problem
I believe you'll find that Gmail does not have this problem, because
when it uses window.open
address
modification.
--
Hallvord R. M. Steen
a nice idea. It works in Firefox but fails in IE and Opera.
--
Hallvord R. M. Steen
to cure a problem, that is
also cured by window.opener.opener
You mean window.top.opener . No, that issue is in no way related to
the suggested extension.
--
Hallvord R. M. Steen
is
help.example.com the UA clearly should allow them to communicate by
request. Believe me, nulling window.opener if origin check fails will
break MANY sites.
And now I'm going to shut up. Really :)
--
Hallvord R. M. Steen
=this.form.submit()
I'd rename the form attribute to formsList . (Name is up for
discussion of course..)
--
Hallvord R. M. Steen
visually or in form submission. Once you've tried
to understand the complexity involved we'll have more common ground
for the discussion.
--
Hallvord R. M. Steen
.)
[1] disclaimer: not intended as a flame-bait but probably is one.. :-ΓΈ
--
Hallvord R. M. Steen
with a checked attribute.
It does.
Included in the discussion to make sure HTML5 continues to do so even
if the change I want (more liberal validation) is taken in.
--
Hallvord R. M. Steen
.
Sam says:
for the checked/ example it actually could go
either way. I'd personally would allow it.
Allow as in not make the validator warn against it I presume.
Anything goes as long as it is not appended to the attribute name..
--
Hallvord R. M. Steen
that if/when it encounters a browser that can handle the
datalist that it does not execute?
What about this attempt?
http://www.hallvord.com/opera/demo/wf2-datalist.htm
--
Hallvord R. M. Steen
in a way that hinder keyboard
operation, and user agents may override any such use of focus-related
scripting operations.'
I'm not sure what spec to put it in, and we've also discussed possible
collateral damage if sites use this in legitimate ways. Thoughts?
--
Hallvord R. M. Steen
to
the control's value is not its defaultValue and the control has more
than the specified number of code points
--
Hallvord R. M. Steen
liThe control is not spana href=#disableddisabled/a/span.
add the following:
liThe control is not spana href=#readonlyreadonly/a/span.
liThe control's type attribute is not hidden.
--
Hallvord R. M. Steen
would do, such as ?
--
Hallvord R. M. Steen
the correct one).
Any thoughts?
--
Hallvord R. M. Steen
thoughts on this?
--
Hallvord R. M. Steen
like your taste in browser and E-mail software :-)
--
Hallvord R. M. Steen
attribute, maxbytes or
filesize perhaps, to be more compatible with existing content?
--
Hallvord R. M. Steen
and would run with normal privileges.
--
Hallvord R. M. Steen
('form') and expect a reference to the
form object.
I don't think this will become a problem because .form is common usage anyway.
--
Hallvord R. M. Steen
form *start* tags. They do not
close the outer form before the start tag of the inner form, but they
do close it on the end tag of the inner form.
--
Hallvord R. M. Steen
submit successful controls
associated with the outer form INCLUDING those that in the markup are
inside the inner form
Code example: given
form
input name=i1
form
input name=i2
/form
/form
should submitting the outer form also send the i2 element?
--
Hallvord R. M. Steen
for having a logged in indication and a log out feature in
its UI.
It might also be used by the UA to (optionally) automatically log out
when the user closes the window or the application.
Perhaps we want to add rel=login too?
--
Hallvord R. M. Steen
and not a
window, and call the plugin's NPP_NewStream method (I think, I don't
know NPAPI well at all) to notify it of the new file to load. I think
backwards compatibility is pretty good since a non-compliant UA would
open a new window for the new file.
What do you think of this idea?
--
Hallvord R. M. Steen
58 matches
Mail list logo
