- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 14 Jul 2008 17:50:06 -0500
- To: "Andrew Fedoniouk" <news@terrainformatica.com>
- Cc: "Lachlan Hunt" <lachlan.hunt@lachy.id.au>, www-style <www-style@w3.org>
>> Ah, I see. Your issue here is that you don't understand the primary
>> use of <style scoped>, which is to perform a limited sandbox on the
>> styles. For example, say you ran a social network and wanted the
>> users to be able to style their individual pages. However, you want
>> to enforce a common template that the users *can't* change. If you
>> wrap their CSS in <style scoped> and place it appropriately, they
>> can't have any effect on your site template, but are still free to go
>> wild on the CSS of their personal section.
>>
>>
>
> Good example. Lets take a look on roles here:
>
> I am an social network user. I want to write my own "page". So I would go
> and write my style sheet as:
>
> mystyle.css
> -----------
> div.foo p { color:red; }
> div.bar p { color:green; }
> -----------
>
> and will give you my html that will have something like:
> <div>
> <p>Hello world</p>
> </div>
>
> You will merge that content into your portal and if it happens that your
> wrapper
> page will have <div.foo> somewhere then my content will be rendered not the
> way I meant it.
>
> Your advice? To use :context always? May work if you have a dedicated
> community.
You're still not understanding the use-case. The problem isn't that a
selector collision (both site template and user content have div.foo
appearing in their markup) will cause the *user's* content to be
styled inappropriately, it's that it will *also* cause the *site's*
content to be styled inappropriately.
Say you have an ad at the top of your site template. Right now if you
allow CSS for the users, you have to do expensive and possibly
unreliable CSS cleanup to prevent the users from being able to throw a
display:none at the ad. <style scoped>, on the other hand, prevents
this case automatically, with no further work from the site owner. As
CSS gets more powerful, the ability of users to completely alter your
site structure becomes even more pronounced, and we shouldn't require
site owners to implement a full CSS parser just to sandbox their users
if we can do it ourselves.
> But if you have such community then you can do this even now without any
> 'scoped'.
>
> Ask users to prepend styles with their login names:
>
> <section class=userName1>
> ....
> </section>
> <section class=userName2>
> ....
> </section>
>
> And so they will give you style sheets:
>
> .userName2 div.foo p { color:red; }
> .userName2 div.bar p { color:green; }
>
> Works already.
As noted, this does *not* replicate the use of <style scoped>, and
it's still more difficult than it could be. Simply telling the user
to put :scope/:context in front of their rule if it's displaying
weirdly is simpler for them and doesn't require any special effort on
your part. As well, addressing your specific solution, what about
anonymous comments/comments from users who aren't logged in? Would
you generate a random GUID for them to prepend on their styles? That
ups the difficulty for the user quite significantly.
In other words, it doesn't accomplish what <style scoped> does, and
achieving this reduced functionality still either requires (possibly
substantially) more work on the part of the users (who can't be relied
on to do so, anyway) plus some minor work from the site owner, or a
*great* amount of work from the site owner (in implementing and
deploying a CSS parser than can reject/rewrite rules to ensure they
only apply to the user's content).
~TJ
Received on Monday, 14 July 2008 22:50:45 UTC