Re: [w3c/webcomponents] Method for detecting finally-distributed nodes. (#611)

@hayatoito 

> leaking information; a closed shadow tree has a slot.

1. Is that really leaking any vital information? A shadow tree can accept my children. What can I do with that info? Can you prove why it is bad to know that a three has a slot? What wrongdoing can be done with that info? The owner of the tree that contains the child shadow tree -- knowing that the child tree has a slot --  can not fool around with that child tree.
1. I can hijack `Element.prototype.attachShadow` and get access to every single closed shadow tree in the `window`, so I can determine the structure of any shadow tree, and I can manipulate them anyways.
1. ShadowDOM is not a security feature.

> Suppose <video> elements in Blink, we never leaks an internal structure of <video> via any web-facing APIs.

True, but `<video>` is native, and hijacking `attachShadow` doesn't work in that case. For now, I'm talking about Custom Elements.

I've been thinking about how to achieve this for a while now, at first with [slottedCallback](https://github.com/w3c/webcomponents/issues/527) idea. I think `slotchange` is fine, and I can hack up what I want now, but it's a hack. The idea in this issue cleans it up _a lot_. `slottedCallback` however allows for more insight than the idea here.

If my library owns custom elements inside of each tree in a tree of shadow trees, then I can access slots in each tree, and on `slotchange` I can see which nodes are distributed across all the trees in order to determine their deepest positions. This is difficult compared to an official solution as simple as the algorithm above, but it will achieve what I want.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webcomponents/issues/611#issuecomment-263203263