- From: <bugzilla@jessica.w3.org>
- Date: Tue, 18 Jun 2013 23:04:49 +0000
- To: public-webapps-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21958 --- Comment #16 from Dominic Cooney <dominicc@chromium.org> --- (In reply to comment #15) > (In reply to comment #14) > > (In reply to comment #13) > > > "document environment" definition is a bit too squishy in HTML spec. We > > > should just use the Window object? > > > > I've lost the use-case we're trying to solve with this change. Is the idea > > to share custom elements among groups of same-origin (related?) documents or > > to make document.implementation.crweateHTMLDocument().register work by > > registering the new custom element somewhere where "document" can get at it? > > The latter. I think this statement is right: for one set of built-ins, > there's also one custom element registry. This is important for <template> > and later <link rel="import">. Adam would point out that there could be code in the wild using DOMParser or document.implementation.createHTMLDocument to parse untrusted content, or Cross-Origin XHR to retrieve documents, and that code assumes those documents don't activate anything. If you make this change, the custom elements defined by the page can be activated by that untrusted content. That may not be a good idea. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 18 June 2013 23:04:52 UTC