On 1/10/12 2:49 PM, Adam Barth wrote:
On Mon, Jan 9, 2012 at 10:02 PM, Boris Zbarsky<[email protected]> wrote:
On 1/10/12 12:48 AM, Tantek Çelik wrote:
Should 'beforeload'/'afterload' be explicitly specified and added to
the web platform?
Outside of extensions, what are the use cases? Can they usefully labor
under restrictions like knowing the URI to be loaded but not the context
it's being loaded in? AdBlock apparently can in at least some cases, yes?
Some web sites use beforeload to monitor for mixed content
vulnerabilities. In some cases, they block the load
Do they really need to block the load, or block processing of the response?
For the mixed-content case, it seems like blocking processing of the
response is enough (and that furthermore only the URI is needed, not the
actual element, to detect mixed-content cases).
-Boris
