W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2012

Re: [webcomponents]: Making Shadow DOM Subtrees Traversable

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 08 Nov 2012 08:13:26 -0800
Message-ID: <509BDA26.5060607@mit.edu>
To: Elliott Sprehn <esprehn@gmail.com>
CC: Dimitri Glazkov <dglazkov@chromium.org>, Dominic Cooney <dominicc@chromium.org>, public-webapps <public-webapps@w3.org>
On 11/8/12 1:45 AM, Elliott Sprehn wrote:
> That means that I
> doubt you'll get widgets being broken as Boris suggests because people
> aren't going to accidentally modify the inside of your widget.

The problems start when people _maliciously_ modify the inside of your 
widget.  Again, with XBL you don't get to accidentally modify the 
insides of anonymous content (shadow) trees.  But there were all sorts 
of attack scenarious where people could modify them at all.

> I'd also hate to prevent future innovation like Google Feedback which
> has turned out to be a critical component for Google product success.

I would like to understand more here.  How does preventing touching the 
shadow tree by default prevent something like Google Feedback?

-Boris
Received on Thursday, 8 November 2012 16:14:02 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:55 GMT