CDR: Event propagation to parent documents

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CDR: Event propagation to parent documents

Maciej Stachowiak


Section 2.2.1, event propagation to parent documents:

- This feature creates security issues for containing documents that  
use existing inclusion features. Now child documents can unilaterally  
decide to trigger any event handlers on any element in the parent  
document that contains the child. This may create unexpected security  
risks to documents that thought including child content was "safe"  
and would not thereby affect its keyboard and mouse handlers.

- This feature creates security issues for the contained document. It  
may wish to use an event to simply send a message to a parent  
document that is for security reasons otherwise inaccessible.  
However, because the Event interface includes the target node, it may  
therefore inadvertently expose its whole DOM.

- If cross-document event propagation is to be included, I request  
that it be changed so that both parent and child have to consent.

- But better yet, I recommend that cross-document event propagation  
be removed, and that instead cross-document communication be designed  
in a way that does not overload existing features, to minimize the  
security risk. One example would be cross-document messaging, as  
implemented in Opera: <http://virtuelvis.com/archives/2005/12/cross- 
document-messaging> and proposed for standardization by whatwg as  
part of Web Apps 1.0: <http://whatwg.org/specs/web-apps/current-work/ 
#crossDocumentMessages>

Regards,
Maciej