Re: [whatwg/dom] Declarative Shadow DOM (#831)

After reading through all the responses, I start feeling that y'all forgot what the actual root cause of the bypass DOMPurify had with closed shadow-roots under certain circumstances actually was - and where the actual security risk for sanitizers resides. 

Is it possible that we are all trying to find a solution for a problem that doesn't exist - while overlooking the actual problem?
Should we maybe step back, look at the root cause of the bypass and then see how this might affect other sanitizers as well and how we can prevent it?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/831#issuecomment-717049026

Received on Tuesday, 27 October 2020 07:35:50 UTC