- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 1 Jul 2014 10:41:10 +0200
- To: Eduardo Robles Elvira <edulix@agoravoting.com>
- Cc: "Eduardo' Vela" <evn@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Tue, Jul 1, 2014 at 10:22 AM, Eduardo Robles Elvira <edulix@agoravoting.com> wrote: > You don't want to use an iframe instead of a web component. You might > have a web component being used multiple times in a single webpage, > like for showing dates in github. And in that case you wouldn't use an > iframe, would you? The proposal I made includes web component pinning > and interation with the security features of the web browser. The idea > of isolated web components is to be the equivalent of SSL for > end-to-end user security. You can't have isolation without having an isolated global object. <iframe> is pretty much that (except the global is not always isolated, but the important point is that it can be). If you would just use one instance of an isolated component on a page, I don't think we could make the cost much lower than an <iframe>. For /n/ instances of the same component the cost could probably be lower than /n/ <iframe>s. If components lived in a package together and you just isolated against the package, you could probably reduce the cost even more (and I suspect this is what a browser would want to implement all the form elements, otherwise it would get very expensive, so maybe we need to explore this direction). -- http://annevankesteren.nl/
Received on Tuesday, 1 July 2014 08:41:37 UTC