- From: Andrea Giammarchi <notifications@github.com>
- Date: Wed, 09 Mar 2022 08:53:11 -0800
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/dom/issues/412/1063139688@github.com>
@benjamingr > What about an alternative "enable encapsulation" options like the ones browsers typically use to enable breaking features like eval e.g. a header that restores the "no getEventListeners" behavior or an opt-in behavior so most websites can benefit from this but ones who care about this encapsulation cannot? if this is about special CSP flag, then maybe it makes sense ... but I don't see CSP less cumbersome than opt-in, to be honest, yet it's close to my idea of "*let's bring this to Web Extensions and see how it goes*", so to me that's an option. > note in Node.js ... as mentioned, Node.js is a different use case. It doesn't get evil scripts out of the box and it doesn't suffer by design XSS. > It's a static one, to not violate the spec. If it's a new method I am not sure how that would violate the specs but again, in node you don't have DOM listeners to deal with, I am not fully sure why Node.js is so relevant in this breaking change for the Web (or the current state). > Let me make sure I am understanding the current situation: Yes, all point reflect my understanding too. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/412#issuecomment-1063139688 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/dom/issues/412/1063139688@github.com>
Received on Wednesday, 9 March 2022 16:53:23 UTC