top | item 10922656

(no title)

DrewHintz | 10 years ago

> isTrusted can apparently be spoofed

isTrusted cannot be spoofed in this situation, which is its intended use in Chrome. A Chrome extension in the isolated world is receiving events from the main world and checking isTrusted for those events.

discuss

level3|10 years ago

Thanks for the clarification. I assume the spoofability applies only to JS in the main world then? And extensions can receive the event before a script has a chance to fiddle with it?

Sorry for the questions, just trying to figure out how this all works, and Googling doesn't give me a clear answer.