W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Component Model is not an Isolation Model

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 10 Mar 2011 22:59:10 +1300
Message-ID: <AANLkTinXPFwG5Dgk-hqC+8uwm2U9nNCFLXdZb43gi=Lg@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> 1)  Cross-site components are safe to use.
> 2)  You can't screw up and depend on implementation details of a
>    component, because if you're calling something the component
>    provides then you're using APIs the component explicitly exposed.

#2 --- protecting components from the enclosing document --- should
definitely be supported by the component model IMHO. Without that, it's more
difficult to update components over time.

I'm less enthusiastic about #1. In many situations, perhaps most, developers
can choose to trust a component and host it themselves, and there's no
problem. Some "widget" use cases can be solved with IFRAMEs instead. What
use cases for cross-site component loading are left?

"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]
Received on Thursday, 10 March 2011 09:59:43 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC