W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Component Model is not an Isolation Model

From: Ryosuke Niwa <rniwa@webkit.org>
Date: Wed, 9 Mar 2011 19:29:59 -0800
Message-ID: <AANLkTikpMW8gh17LL0GEqJOou8okBAWgZiThYzmeQENM@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
On Wed, Mar 9, 2011 at 7:17 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 3/9/11 7:30 PM, Dimitri Glazkov wrote:
>> From the perspective of the component, the isolation is unfairly
>> punishing -- you can't use the outside DOM or even DOM element on
>> which you're hoisted, you can't add methods to it, and you have to
>> always imagine the membrane in order to build a proper mental model of
>> what the heck you're trying to accomplish.
> This is sort of a requirement for being able to use components that you
> don't trust to arbitrarily mess with your DOM though, no?

We already have very complicated security mechanisms for frames, and the
history of the Web tells us that it's really hard to get them right.  Why
can't we reuse the same mechanism instead of introducing new one?  Isn't it
as simple as putting an iframe in your component, no?

- Ryosuke
Received on Thursday, 10 March 2011 03:30:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:16 UTC