The beforeload event in Webkit is extremely useful for things like blocking images or JavaScript from loading, but it's implementation is incomplete. For example, there is no beforeload event fired for link tags with rel=icon, rel=prefetch, or rel=dns-prefetch, no beforeload event for XMLHttpRequest calls, no beforeload event for any images loaded from stylesheet references, and no beforeload event prior to the default favicon being requested. Please see the provided URL for a short discussion on the issues this presented while attempting to build a Safari extension similar to the HTTPS Everywhere Firefox extension developed by the EFF. Ideally, it would be great to have a beforeload event fired for any network request, regardless of the resource type being requested.
Bug 56424 captures the icon and prefetch implications of this.
To append to Jeff's list: you can't block in-Flash resources using beforeload, which makes AdBlock For Safari incomplete.
Any updates on plans for fixing this? This is incredibly crucial to how effective some popular extensions for Safari can be. `beforeload` should capture requests made by: 1) JavaScript XHR 2) JavaScript element creation (`new Image().src = "http://something.com/"`); 3) Resources for plugins running in a page ... that kind of thing I'd be glad to spend time studying WebKit's source and adding support for this — please let me know if/whether/how I can help.
Right now, extensions such as µBlock are forced to use a hack where a script is injected into webpages which overrides the global `XMLHttpRequest` prototype. This is really bad, but it's the only way to get around this limitation.