W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Re: [webcomponents]: Making Shadow DOM Subtrees Traversable

From: Bronislav Klučka <Bronislav.Klucka@bauglir.com>
Date: Mon, 25 Feb 2013 19:24:42 +0100
Message-ID: <512BAC6A.30201@bauglir.com>
To: public-webapps@w3.org

On 25.2.2013 18:38, Tab Atkins Jr. wrote:
> On Mon, Feb 25, 2013 at 6:21 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> On 2/25/13 12:11 AM, Tab Atkins Jr. wrote:
>>> We've gone back and forth.  It seems that allowing monkeypatching by
>>> default is the better choice, as most uses aren't security conscious
>> Tab, could you please read and respond to what Blake actually wrote?  He
>> didn't mention the word "security" at all.
> True, but that's often something that comes up.  Sorry for implying
> that was the only concern Blake had.
> Still, though, the "private by default" impulse is nearly always
> wrong, and contrary to a lot of patterns on the web.  As I alluded to,
> and Elliot explicitly said in the 2012 email that Bronislav quotes,
> the current status quo, where shadow DOM is hidden from everything
> unless you're explicitly looking for it, is necessary for *lots* of
> useful and completely benign things.  Because of this, hiding the
> shadow is *not* something that's obviously good, and I argue that it
> should rarely be necessary in the first place.
> If you want high integrity (not security - this is a much broader
> concept), it's expensive.  This is always true, because low-integrity
> things are *useful*, and people often try to reach for high-integrity
> without thinking through its downsides.
> ~TJ

My opinion of course... but you wrong on so many levels... I'm 
originally desktop applications programmer (still doing some), and 
private by default is the best policy (actually it's protected, but 
there's no such concept in HTML and no such thing in JS yet), it is 
contrary to lot of patters on web (given JS and DOM sharing space over 
all document regardless of origin), but this is serious flaw of the 
design, not a pro, it's con.

Sure I can say "please not change the internals of that DOM it may 
change in the future, do not count on existence of some node in that 
DOM, it may change in the future" but again, what is the point of Shadow 

Yes, high integrity is expensive, so what? That is not an argument at 
all. It's a choice... do I need it? I'll use Shadow DOM, is it pointless 
for the result? I will not use it... We are not making anything 
mandatory. Shadow DOM is the way hi to create actual blackbox 
control/component/widget as it's normal and beneficiary in other languages.

"This is always true, because low-integrity things are *useful*, and 
people often try to reach for high-integrity without thinking through 
its downsides." Generalization excusing poor decisions of programmers? 
How about those, who can make good one?

But to argue your original point: keeping the smallest amount of point 
application can connect to control/component/widget blackbox is the best 
way how to ensure continuous, long time, functionality without breaking 
everything else. Because you are keeping the boundaries sharp.  When you 
have e.g. Delhi control, you know the contract between the original 
author and you. Having HTML+JS+CSS mess you know nothing at all.

I do recognize the history of the web, and I'm fine with making access 
policy to Shadow DOM more granular as long as I'm able to actually say 
"I do not want you to see anything other that I choose to expose in any 

Received on Monday, 25 February 2013 18:25:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:52 UTC