Re: [w3c/webcomponents] document.currentScript from a script in a shadow tree. (#477) from smaug---- on 2016-04-01 (public-webapps-github@w3.org from April 2016)

From: smaug---- <notifications@github.com>
Date: Fri, 01 Apr 2016 06:32:23 -0700
To: w3c/webcomponents <webcomponents@noreply.github.com>
Message-ID: <w3c/webcomponents/issues/477/204397123@github.com>

> it only points to the script while the script is executing though, no? So how can the outer world observe it?

Just what was explained earlier. Shadow script calling some non-shadow function which accesses document.currentScript. That is accidental exposure, and it can happen when explicitly calling non-shadow functions or dispatching events from shadow script and handling them elsewhere.
The event handling case may even end up exposing shadow DOM to other shadow DOMs etc.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/477#issuecomment-204397123

Received on Friday, 1 April 2016 13:32:55 UTC