[w3c/webcomponents] shadow tree -> iframe <- contentWindow.frameElement encapsulation issue (#507) from Andy Earnshaw on 2016-05-26 (public-webapps-github@w3.org from May 2016)

From: Andy Earnshaw <notifications@github.com>
Date: Thu, 26 May 2016 03:13:53 -0700
To: w3c/webcomponents <webcomponents@noreply.github.com>
Cc:
Message-ID: <w3c/webcomponents/issues/507@github.com>

We provide a custom element that contains an iframe in a shadow tree.  Before the iframe content loads, we register custom elements and ensure our API is globally available to the child document.  For example's sake, it looks something like this:

```html
<x-foo src="bar.html">
    #shadow-root
        <iframe src="bar.html"></iframe>
</x-foo>
```

As a closed tree, the user can't pierce the shadow tree from outside `<x-foo>`, but from inside _bar.html_, the user can access `window.frameElement`.  I think this is a mistake, as it undermines the encapsulation that the closed tree provides.

As a solution, I'd like to propose that if the iframe element is inside a shadow tree, `window.frameElement` returns the host.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/507

Received on Thursday, 26 May 2016 10:14:21 UTC