Re: [webcomponents]: Making Shadow DOM Subtrees Traversable

On Tue, Mar 12, 2013 at 2:19 PM, Dimitri Glazkov <dglazkov@chromium.org> wrote:
> Quick update: we had a really productive lunch with a bunch of Mozilla and
> Google peeps (cc'd)
>
> After mulling this whole thing over, we're decided keep shadow trees
> traversable with a special provision for built-in HTML elements (UA shadow
> trees) to be non-traversable, per spec.
>
> We reached this conclusion after conducting a thought exercise of trying to
> gain entry into an imaginary private shadow tree, which exists in the same
> scripting context as the document, just using existing Web platform API --
> as you may guess, it's not that difficult.
>
> However, to allow developers a degree of enforcing integrity of their shadow
> trees, we are going add a new mode, an equivalent of a "KEEP OUT" sign, if
> you will, which will makes a shadow tree non-traversable, effectively
> skipping over it in an element's shadow tree stack.
>
> We couldn't come up with a good name for this mode. "Private" conveys false
> expectations of being any sort of security primitive. "Hidden" is unclear in
> purpose. "Get-Off-My-Lawn" is perfect, but a touch too wordy.
>
> We will also pursue, as a second phase of Shadow DOM spec, a way to create
> shadow trees that exist in a separate scripting context and a separate
> document, but render as part of the main document. These will provide the
> necessary security guarantees and finally bring the candy trees and unicorns
> to the Web platform.

This is exactly what I had hoped for, so yay!  Everything sounds good to me.

I don't have any good naming suggestions, but think "hidden" isn't too bad.

~TJ

Received on Tuesday, 12 March 2013 21:28:44 UTC