Re: [whatwg/dom] Allow attachShadow on <script> and <style> (Issue #1064) from Darien Maillet Valentine on 2022-03-06 (public-webapps-github@w3.org from March 2022)

From: Darien Maillet Valentine <notifications@github.com>
Date: Sat, 05 Mar 2022 20:03:38 -0800
To: whatwg/dom <dom@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/dom/issues/1064/1059890581@github.com>

Both of these elements have special associated [tokenizer states](https://html.spec.whatwg.org/#script-data-state) that would collide with the declarative syntax for shadow root. They also have existing initialization/change behaviors. For script in particular it seems like this use case, though cool, is probably not sufficient to justify a relatively high risk of introducing novel security issues and xss opportunities.

FWIW, it is possible currently to create novel contracts around elements like this. For example one can have a custom element whose that has a slot that expects a script element as its child or which places one in the shadow itself.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/dom/issues/1064#issuecomment-1059890581
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/dom/issues/1064/1059890581@github.com>

Received on Sunday, 6 March 2022 04:03:50 UTC