Re: [w3c/webcomponents] document.currentScript from a script in a shadow tree. (#477) from Hayato Ito on 2016-04-04 (public-webapps-github@w3.org from April 2016)

From: Hayato Ito <notifications@github.com>
Date: Sun, 03 Apr 2016 21:23:57 -0700
To: w3c/webcomponents <webcomponents@noreply.github.com>
Message-ID: <w3c/webcomponents/issues/477/205132123@github.com>

I understand the point. However, I am afraid that we are worrying *too much* about this kind of exposure.
Unless the script (in a shadow tree) is calling such a *trap* function, this exposure never happens.

For me, it sounds "document.currentScript" is something like a *thread-local* variable. We do not have to stress on `document` used here. The point is that we have a *global function* which allows a script to access a *thread-local* variable.

It's difficult to decide where we should draw the line. However, in this particular case, I think it's okay that we have a *global function* which returns the script element which is currently running.

Due to the historical reason, this global function is defined in a "document".

I'm okay to restrict document.currentScript, however, we need an alternative *global function* for a script in a shadow tree, such as `window.currentScript`. WDTY?








---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/477#issuecomment-205132123

Received on Monday, 4 April 2016 04:24:26 UTC