- From: Justin Fagnani <notifications@github.com>
- Date: Thu, 26 Mar 2020 18:02:32 -0700
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 27 March 2020 01:02:46 UTC
> in which case, someone else can attach a shadow root, or worse yet, anyone can access to template's content and have reference to those nodes. Declarative shadow roots are necessarily a cooperative construct - the generator of the shadow root and the element have to coordinate - and I'm definitely not worried about breaking encapsulation this way. A component will _have_ to opt-in to SSR somehow and have to trust the declarative SR contents. If a component author is worried that there will somehow be an attack via declarative SR, then they should not support it, ie, it should throw when they call `attachShadow` as it does now. This is why I don't see a forgiving version of `attachShadow` as necessary. The component should only call that if it knows it's not going to receive a declarative SR. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/871#issuecomment-604761773
Received on Friday, 27 March 2020 01:02:46 UTC