On Fri, 23 Apr 2010 08:52:29 +0200, Simon Pieters <[email protected]> wrote:
On Fri, 23 Apr 2010 01:28:47 +0200, Robert O'Callahan
<[email protected]> wrote:
See https://bugzilla.mozilla.org/show_bug.cgi?id=519928
Suppose we have a <script> element inside a contenteditable parent.
Should
the script run? What about on* attribute event handlers, should they
fire in
response to events? What about <object> plugins inside a contenteditable
parent, should they be instantiated?
In Webkit, scripts, event handlers and plugins run normally. IE disables
them. Gecko disables them when designmode is used but enables them for
contenteditable. In
https://bugzilla.mozilla.org/show_bug.cgi?id=519928#c46a CKEditor
developer argues forcefully that we should disable them.
If we do choose to disable them, exactly how this should be specced is
not
completely clear to me.
There is a side issue of how editable <iframe>s should be treated.
Presumably we should load the subdocument, but if we disabled scripts
for
editable content, should we allow scripts to run inside the <iframe>
document? Probably yes to allow framebusting to run. Perhaps we should
prevent user events from being delivered to the <iframe> document
though?
I think scripts, event handlers and plugins should run normally in
contenteditable. Opera have tried hard to reverse engineer and implement
the script disabling behavior for designMode in IE and Mozilla, but
really I think it would be saner if we let scripts, event handlers and
plugins run normally in designMode as well.
http://lists.w3.org/Archives/Public/public-html/2007Nov/0218.html
http://lists.w3.org/Archives/Public/public-html/2008Mar/0038.html
(We might have changed behavior again slightly for compat with some
sites, I don't recall the details.)
Apparently the details are as follows:
[[
pre-included scripts run -
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/456 (same as
before afaict, but unlike Gecko)
inserted scripts do not run -
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/457
eventlisteners work -
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/458 (new
behavior, this was what broke Y!Mail, ebay, baidu)
on* attributes do not work -
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/459 (same as
before)
]]
It seems Hixie has decided to go back to the WebKit behavior in the spec
for designMode.
http://html5.org/tools/web-apps-tracker?from=2817&to=2818
--
Simon Pieters
Opera Software
