On 12/6/10 7:45 PM, Ian Hickson wrote:
per spec, currently, if you grab a reference (from another Window) to a document that you then send into session history (bfcache), you can still mutate that document, call dispatchEvent() on it, run scripts in it, etc.
I don't believe Gecko would be willing to implement that, for security reasons. As soon as you try to do things of that sort in a bfcached document it _will_ in fact get evicted. I don't believe we plan to change that. I'd be interested in what other UAs views are on this.
This is also why we drop the browsing context when an iframe is removed from the document. This part we may be able to change without introducing security problems, maybe... Not clear yet.
-Boris
