Confirmed users
157
edits
Firefox3.1/Server-Sent DOM Events: Difference between revisions
Firefox3.1/Server-Sent DOM Events (view source)
Revision as of 23:45, 13 November 2008
, 13 November 2008→Review comments
m (→Schedule) |
|||
| (2 intermediate revisions by one other user not shown) | |||
| Line 69: | Line 69: | ||
== Review comments == | == Review comments == | ||
* is some form of CheckLoadURI() called on the connections? | |||
* are the nsIContentPolicy providers consulted? | |||
* There is currently no way to disable this functionality. At the very least we need a global "off" pref (say "dom.server-events.enabled", default true but can be set false). | |||
* will people want the flexibility to control this per site? Would that be sites that are allowed to use the feature, or sites which are allowed to be an event source? Probably the former, but either way that could be added by an extension as long as the nsIContentPolicy providers are called. | |||
* Probably need a new load type for the providers to check. | |||
* Need to make sure connections get cleaned up when their node goes away. Does it make a difference if their node is not part of a document? | |||
* Having servers create events the mimic other event types (clicks, etc) is troubling. We'd be happier if they were always clearly messages. | |||
* what-wg spec seems to be still a moving target | |||
* Discussed with Hixie about injecting <eventsource src="some_evil_site_with_ac"> to a site. Hixie argued that whitelisting is what the sites should do. -Smaug | |||