- From: Paweł Psztyć <notifications@github.com>
- Date: Tue, 14 Jan 2020 12:13:37 -0800
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webcomponents/issues/716/574352219@github.com>
I have yet another use case for using scoped registry. I gonna need help to tackle this issue. In our platform multiple applications can work simultaneously in the same document. Applications are coming from both our internal and external developers that builds for the platform. Because of that each application has to be secured by default. When using global registry when one application registers an element this element instantly is available to other applications running in the document. Some of them may operate on private data (either user or customers data). This leads to the decision made by our security team to disable global registry and custom elements altogether (we use proxy object on window). This decision makes WC unusable in our platform and I don't like this idea. So the question here would be how can we make scoping inaccessible from other scripts? Would it be possible to scope a component to a domain for example? So the application A hosted in domain a won't be able to initialize or even detect a component initialized by application B hosted on different sub domain? I guess that would also fix an issue I mentioned in my previous comment. Can anyone have a different idea of how to deal with such problem? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/716#issuecomment-574352219
Received on Tuesday, 14 January 2020 20:13:43 UTC