Hi Jochen. > Adam also cited the Chromium WebKit allowScriptFromSource/didNotAllowScript > API. > > From looking at how it hooks into WebCore, it appears to require the decision > to execute a script to be dynamic, even when scripting is generally disabled. > > We implement a rule system (called content settings) where script execution > (but also e.g. cookies) can be controlled depending on the security origin of > the frame, and the security origin of the main frame. This allows for allow > scripts from the main frame's security origin to run, while third-party > scripts are blocked.
To clarify, do you expect both allowScriptFromSource and didNotAllowScript to fire when JavaScript is disabled? If JavaScript is disabled, but allowScriptFromSource returns true, do you expect the script to execute or not? Thanks, Geoff
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
