W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Re: [webcomponents]: Scope of <link rel=components>, was: Naming the Baby

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 28 Mar 2013 19:27:11 +0000
Message-ID: <CADnb78hV-=hr1+-JkcBTz6rD3YBGkTW-FmXmNkwXCjukRwWN_A@mail.gmail.com>
To: Dimitri Glazkov <dglazkov@google.com>
Cc: public-webapps <public-webapps@w3.org>, Elliott Sprehn <esprehn@gmail.com>, Angelina Fabbro <angelinafabbro@gmail.com>, Brian Kardell <bkardell@gmail.com>, Steve Orvell <sorvell@google.com>, Ryan Seddon <seddon.ryan@gmail.com>, Ladislav Thon <ladicek@gmail.com>, Dominic Cooney <dominicc@google.com>
On Tue, Mar 26, 2013 at 3:59 PM, Dimitri Glazkov <dglazkov@google.com> wrote:
> After all resources are loaded and processed, we'll need to process
> <element> instances, in reverse order of loading. Processing means:
>
> 1) Registering a custom element, specified by this <element>. This
> will involve running its children <script> elements with some special
> rules.
> 2) Running element upgrade:
> https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/custom/index.html#dfn-element-upgrade
>
> As for the fetching security model, I have a bug for this:
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=21226. Please guide me,
> would love your fetch-spec-writing experience :)
>
> As an additional wrinkle, the webdevs really want this:
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=21229

I guess what mostly strikes me as weird is that we're again
introducing cross-origin scripts that execute with your principals.
That seems bad.

Assuming we don't find anything better, lets make it clear
(monkeypatch for now, I'll create a way) that https -> http fails (we
might even want https+EV requires https+EV linking although I'm not
sure if you gain much by that). That you really have to trust who you
import (suspect the likelyhood of that helping to be close to zero,
but who knows).


-- 
http://annevankesteren.nl/
Received on Thursday, 28 March 2013 19:27:39 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 28 March 2013 19:27:39 UTC