- From: Ryosuke Niwa <rniwa@webkit.org>
- Date: Wed, 9 Mar 2011 19:29:59 -0800
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
Received on Thursday, 10 March 2011 03:30:51 UTC
On Wed, Mar 9, 2011 at 7:17 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 3/9/11 7:30 PM, Dimitri Glazkov wrote: > >> From the perspective of the component, the isolation is unfairly >>> >> punishing -- you can't use the outside DOM or even DOM element on >> which you're hoisted, you can't add methods to it, and you have to >> always imagine the membrane in order to build a proper mental model of >> what the heck you're trying to accomplish. >> > > This is sort of a requirement for being able to use components that you > don't trust to arbitrarily mess with your DOM though, no? > We already have very complicated security mechanisms for frames, and the history of the Web tells us that it's really hard to get them right. Why can't we reuse the same mechanism instead of introducing new one? Isn't it as simple as putting an iframe in your component, no? - Ryosuke
Received on Thursday, 10 March 2011 03:30:51 UTC