- From: Cure53 <notifications@github.com>
- Date: Wed, 28 Oct 2020 02:24:13 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 October 2020 09:24:26 UTC
> I honestly think the closedness is the red herring here. That is possible, for me at least because this was the one affecting us and caught me by surprise. > Would you agree that (if we only look at the risk of introducing sanitizer bugs), `<template shadowroot="open">` is also problematic I have mixed feelings about the right answer. One the one hand, I would say no because _if you know how_ you can sanitize it, easily so. And you cannot with the closed one. On the other hand I would say yes as in _gee, what's the difference_, because the issues with the closed one are solvable too with a one-liner. But here by using `importNode` rather than cleaning up inside `eml.content`. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-717806743
Received on Wednesday, 28 October 2020 09:24:26 UTC