On Thu, Sep 10, 2009 at 12:35 AM, Adam Barth<[email protected]> wrote:
>
> On Thu, Sep 10, 2009 at 12:31 AM, Aaron Boodman <[email protected]> wrote:
>> On Thu, Sep 10, 2009 at 12:22 AM, Adam Barth<[email protected]> wrote:
>>> It's interesting that this code sample uses the string form of
>>> setTimeout to inject script into the main world. Are we sure we want
>>> to change that to compile the string argument in the isolated world?
>>
>> That makes sense to me... what are you concerned about?
>
> This is purely an API design issue. Either choice is fine for
> security. If we change the string form of setTimeout from compiling
> in the main world to compiling in the isolated world, we should give
> folks a clean API for running scripts asynchronously in the main world
> instead of making them use JavaScript URLs or createElement("script").
I have no idea which people will want to do more commonly, but to me
it seems like we already have a primitive to execute script in the
main world. There's no need to have a separate primitive to do so
asynchronously when you can just make that by combining with
setTimeout.
> My question is whether you'd still like me to make that change.
Yes.
> (Maybe laziness is tricking me into thinking it might be a good idea
> to leave as-is to enable use cases like in this thread.)
I think the use case in this thread actually works better if the
script is compiled in the isolated world.
Current code that is wrong:
function stuff() {
setTimeout("someElement.click()", timeout);
stuff();
}
Obvious fix, but doesn't work today:
function stuff() {
setTimeout("someElement.click(); stuff();", timeout);
}
If we made setTimeout compile in the isolated world, the second
snippet would work.
- a
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Chromium-extensions" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/chromium-extensions?hl=en
-~----------~----~----~----~------~----~------~--~---
