Currently we support things like <img src="javascript:stuff">, as well
as <link href="stylesheet" href="javascript:stuff"> and
@import(url("javascript:stuff")). What these do is run the script in a
sandbox and then if it returns a value other than undefined treat that
value as data for the load.
I believe at this point we're the only UA that does this, and it causes
some issue with other parts of the system that don't expect content to
be able to create sandboxes.
I'm planning to remove this sandbox stuff from javascript:. Either
it'll be running in a navigation context (toplevel window, iframe,
<object data="javascript:">) or it won't run at all.
The work is happening in
https://bugzilla.mozilla.org/show_bug.cgi?id=1018583
-Boris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
