Re: XBL2: First Thoughts and Use Cases

On 12/14/10 11:16 AM, Dimitri Glazkov wrote:
> This is interesting. Can you give an example? I am wondering if you
> and Tab are talking about the same thing. What sorts of problems?

The issues we've run into is that the shadow DOM tree can get mutated, 
which makes the actual DOM get out of sync with the data structures that 
represent insertion points (what I think XBL2 calls output ports) and 
the like).  After this, adding normal DOM children to the bound element 
at best puts them in the wrong place in the shadow DOM; at worst we've 
had exploitable crash issues we had to fix.

Now if the shadow DOM can only be mutated by the binding itself, then 
it's possible to just avoid those problems in the binding script or 
restrict the things that script can do.  But if the shadow DOM is 
exposed to the page the bound element is in, then the implementation 
needs to handle arbitrary mutations _somehow_, since you can't rely on 
things outside the binding playing nice with the binding.  Or, of 
course, restrict what _that_ script can do with the shadow DOM, but that 
has more potential for weird breakage if the binding changes out from 
under the scripts that are trying to poke at it.

-Boris

Received on Tuesday, 14 December 2010 19:24:17 UTC