- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Wed, 28 Oct 2020 02:06:07 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 October 2020 09:06:19 UTC
Shadow DOM (or its closedness) is not a security boundary, but is - I suppose - provided for encapsulation, such that your users are discouraged from depending on you implementation details. Even if it were a security boundary, the articles you mentioned basically monkey patch the JS API before it's used - hardly a useful "bypass" in the context of this feature. It might be a bit off-topic to discuss changing the WebComponents API with its shadow DOM. Practically, it's possibly impossible to "un-ship" it years after the fact (it in every browser apart from IE, and possibly used a lot), and personally I don't think it matters much for the issue at hand, nor would I advocate the Shadow DOM. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-717796936
Received on Wednesday, 28 October 2020 09:06:19 UTC