Alexey Feldgendler wrote:
I propose to define the notion of "side effect free script". All
browsers which allow scripts in declarations like CSS should only allow
side effect free scripts in such places.
I think this is a very good idea. I hope it can be achieved.
When a script thread is in side effect free mode:
1. It stays in this mode until the thread completes.
2. It can call any non-native function, but the same restrictions apply.
3. It cannot assign any variables except locals.
4. It cannot call any native function except those specifically marked
by the spec as side effects free. For example, sin() is side effects
free, and window.open() is not.
5. It can read any property that can be normally read.
6. It cannot assign any property for which a native setter function is
used.
Ok, here you make it clear that with side effects you only mean visible
side effects? It seems you are fine with setting properties of
non-native javascript objects.
7. It cannot create new object instances except those specifically
marked by the spec as side effects free. For example, RegExp is side
effects free, and Image is not.
Creating an Image should be allowed. It might be needed for
measurements. Appending it to the document shouldn't.
8. Any attempt to break these restrictions should generate an exception.
9. Optionally, execution time limit may be imposed on the thread, so
that it doesn't make the document unrenderable by running an endless
loop inside CSS expression().
Javascript might already be too complex to achieve all this, but it
should certainly be investigated.
--
Sjoerd Visscher
http://w3future.com/weblog/
