[Bug 20468] [Custom]: specify link rel="components" from bugzilla@jessica.w3.org on 2012-12-21 (public-webapps-bugzilla@w3.org from December 2012)

From: <bugzilla@jessica.w3.org>
Date: Fri, 21 Dec 2012 07:13:09 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-20468-2532-Xknmdoez8Q@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20468

Dominic Cooney <dominicc@chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dominicc@chromium.org

--- Comment #1 from Dominic Cooney <dominicc@chromium.org> ---
I have heard an idea espoused that component documents *can* be HTML documents
but elements outside component definitions are inert when loaded externally.
Nor is the document accessible through DOM.

This allows “self documenting” components with documentation in the HTML file
along with the component definition. That file may use instances of the
components in the file. This can be viewed as a standalone document.

Of course, someone seeking to minimize size would not use self-documenting
components in a production environment.

There is an attack vector where documents with inline component definitions are
loaded cross-domain (basically the equivalent of cross-site script inclusion).

Thus the packaging specification should specify that CORS is required for
cross-site components.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 21 December 2012 07:13:15 UTC