Intent to unship: javascript: execution outside navigation contexts

[Boris Zbarsky]

Currently we support things like <img src="javascript:stuff">, as well
as <link href="stylesheet" href="javascript:stuff"> and
@import(url("javascript:stuff")). What these do is run the script in a
sandbox and then if it returns a value other than undefined treat that
value as data for the load.

I believe at this point we're the only UA that does this, and it causes
some issue with other parts of the system that don't expect content to
be able to create sandboxes.

I'm planning to remove this sandbox stuff from javascript:. Either
it'll be running in a navigation context (toplevel window, iframe,
<object data="javascript:">) or it won't run at all.

The work is happening in
https://bugzilla.mozilla.org/show_bug.cgi?id=1018583

-Boris

[Anne van Kesteren]

On Fri, Jun 6, 2014 at 4:33 PM, Boris Zbarsky <bzba...@mit.edu> wrote:
> I'm planning to remove this sandbox stuff from javascript:. Either it'll be
> running in a navigation context (toplevel window, iframe, <object
> data="javascript:">) or it won't run at all.

And return the equivalent of a network error?

Sounds great to me.


--
http://annevankesteren.nl/