W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Component Model is not an Isolation Model

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 09 Mar 2011 22:17:55 -0500
Message-ID: <4D7842E3.1030307@mit.edu>
To: Dimitri Glazkov <dglazkov@chromium.org>
CC: public-webapps <public-webapps@w3.org>
On 3/9/11 7:30 PM, Dimitri Glazkov wrote:
>> From the perspective of the component, the isolation is unfairly
> punishing -- you can't use the outside DOM or even DOM element on
> which you're hoisted, you can't add methods to it, and you have to
> always imagine the membrane in order to build a proper mental model of
> what the heck you're trying to accomplish.

This is sort of a requirement for being able to use components that you 
don't trust to arbitrarily mess with your DOM though, no?

Also, the component wants to keep the document from poking at its 
internals except via the APIs the component exposes, I would think.

>> From the perspective of the document, the isolation is too fiddly:
> it's rare that the level of isolation at the _individual_ component
> level is what's actually necessary.

I'm not sure what the "fiddly" issue is here...  From the perspective of 
the document isolation should mean two things:

1)  Cross-site components are safe to use.
2)  You can't screw up and depend on implementation details of a
     component, because if you're calling something the component
     provides then you're using APIs the component explicitly exposed.

Is there something I'm missing?

Or are those things that fall under "modularity" or "encapsulation" in 
your message?  If so, what are you thinking of in terms of "isolation"?

-Boris
Received on Thursday, 10 March 2011 03:18:28 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:43 GMT