[Bug 22466] [Custom]: Certain documents should not share registration contexts from bugzilla@jessica.w3.org on 2013-06-27 (public-webapps-bugzilla@w3.org from June 2013)

From: <bugzilla@jessica.w3.org>
Date: Thu, 27 Jun 2013 17:13:59 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-22466-2532-DpT6k2swge@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22466

--- Comment #5 from Dimitri Glazkov <dglazkov@chromium.org> ---
(In reply to comment #4)
> What is the behavior if a custom element is parsed in a document without
> access to the registration context but then moved into a document with the
> registration context?

This is slightly a different question. Specifying behavior of moving a custom
element between documents is bug 20488.

> In Dart, we are using document.implementation.createHTMLDocument to sanitize
> untrusted content and need to have the opportunity to remove untrusted
> elements. To mitigate XSS vectors Element.innerHTML will be sanitized by
> default, and it would be nice to allow custom elements if they are trusted.

FWIW, the document.implementation.createHTMLDocument will have share the
registration context with the main document by default.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 27 June 2013 17:14:01 UTC