[Bug 16509] [Shadow]: Consider isolation

https://www.w3.org/Bugs/Public/show_bug.cgi?id=16509

Dominic Cooney <dominicc@chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dominicc@chromium.org

--- Comment #2 from Dominic Cooney <dominicc@chromium.org> 2012-06-18 03:09:30 UTC ---
For context, could you explain a use case for "isolated"? It would seem that
just getting a reference to the host or ShadowRoot across different security
contexts will be thwarted by existing SOP protections.

One case that might be interesting is if attaching a ShadowRoot to an iframe
has special semantics and a <content> element there can pick children of the
frame’s content document’s body.

> * Eliminate paths for reaching DOM information outside

Do changes to lower boundary encapsulation, where event handlers attached in
the Shadow DOM can observe elements in the light DOM which were distributed
into the shadow, need to be special-cased for isolated Shadow DOM?

> * prototypes that it sees need to be from that other frame.

I believe that this is already the case, for example if you do

new ShadowRoot(e)

where e is an element from a frame but new ShadowRoot is run in the context of
another frame/parent frame/etc. See my comments on bug 17447.

Received on Monday, 18 June 2012 03:09:33 UTC