Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sort out isTrusted #338

Closed
annevk opened this issue Oct 5, 2016 · 3 comments
Closed

Sort out isTrusted #338

annevk opened this issue Oct 5, 2016 · 3 comments
Labels
web reality

Comments

@annevk
Copy link
Member

annevk commented Oct 5, 2016

From discussion with @smaug---- in #336 and IRC it seems that basically any user-agent dispatched event is trusted.

A notable exception is click(), which is untrusted.

But postMessage()-resulting message events, mutation events (as long as we keep them around), need to be trusted.

It seems there's not really a simple rule here, such as the JavaScript stack being empty (mutation events fail that) or the user agent dispatching the event (click()).
@annevk
Copy link
Member Author

annevk commented Oct 5, 2016

If click() is truly the one special case, perhaps the easiest thing to do here is to make the hooks provided to specifications default isTrusted to true and remove mentions of that attribute everywhere, except for around click().

@annevk
Copy link
Member Author

annevk commented Oct 11, 2016

It seems that's already more or less how things are setup. I cleaned up some of this in whatwg/html#1886 though as HTML does seems to sometimes mention "trusted" a bit too much.

@annevk
Copy link
Member Author

annevk commented Nov 22, 2016

With 7958b25 I think this is now fully settled.

@annevk annevk closed this as completed Nov 22, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
web reality
Milestone
No milestone
Development

No branches or pull requests
1 participant
@annevk