I'm a Firefox extension developer. On July 2011 I received a message from an automated compatibility test stating that the use of on* attributes has security risks. My bad I deleted that message to quote it textually. The question is, I think that that security risk should be mentioned on this page, and on* attributes should be discouraged (just mention it on ref pages like this) and/or depecrated (rising warnings on the console). (where's the button to insert the signature?) -- another_sam 18 June 2011

The popupshowing event claims that: "Returning false from this event handler prevents the popup from appearing" but this does not seem to be the case, and recommends using event.preventDefault(); instead. Is this a bug in the software, or an error on the wiki page? --MatrixFrog 23 July 2010

I asked about this on IRC. It turns out that it does work as documented, but only if you return false from a function added as a XUL attribute, not for an event listener added via addEventListener. Also, because the Javascript code in the attribute is basically just eval'd, you need to put onpopupshowing="return myEventHandlingFunction(event);", not just onpopupshowing="myEventHandlingFunction(event);" --MatrixFrog 26 July 2010

DOMMouseScroll testcase: --Nickolay 11:19, 8 March 2007 (PST)

Why onClick, onSelect... aren't indicated in All XUL elements pages ? I think that can be useful. Harobed 05:41, 5 December 2007 (PST)

Document Tags and Contributors

Contributors to this page: another_sam, MatrixFrog, Harobed, Nickolay
Last updated by: another_sam,