- From: Mason Freed <notifications@github.com>
- Date: Thu, 19 Nov 2020 15:40:11 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/dom/issues/912/730705566@github.com>
> @mfreed7 maybe require passing `unsafeWithShadowRoot` or equivalent and throw otherwise. And in the future we could make not passing anything do the safe thing rather than throw. It's usually doable to migrate from throwing to not throwing. (I don't think Permissions Policy makes sense by the way, as the parent shouldn't be in control as to how the child parses without the child consenting.)
@annevk if I understand you (and I'm thinking I do not), you're just saying to make the existing proposal throw if declarative Shadow DOM content is encountered without the flag provided? I.e.
```javascript
element.setInnerHTML(contentWithoutDSD,{includeShadowRoots:false}); // No exception
element.setInnerHTML(contentContainingDSD,{includeShadowRoots:false}); // Throws
element.setInnerHTML(contentContainingDSD,{includeShadowRoots:true}); // Parses DSD content, no exception
```
If that's not what you meant by "passing unsafeWithShadowRoot", can you let me know what you did mean?
Incidentally, I've renamed the `setInnerHTML()` and `DOMParser.parseFromString()` opt-in parameters to match the existing one on `getInnerHTML()`, namely "includeShadowRoots":
```javascript
const html = element.getInnerHTML({ includeShadowRoots:true });
element.setInnerHTML(html, { includeShadowRoots:true });
(new DOMParser()).parseFromString(html, 'text/html', { includeShadowRoots:true });
```
It seemed better to make them all parallel, and plural, as there might be more than one shadow root present. LMK if you all are ok with this change.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/912#issuecomment-730705566
Received on Thursday, 19 November 2020 23:40:23 UTC