- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 08 Nov 2012 08:13:26 -0800
- To: Elliott Sprehn <esprehn@gmail.com>
- CC: Dimitri Glazkov <dglazkov@chromium.org>, Dominic Cooney <dominicc@chromium.org>, public-webapps <public-webapps@w3.org>
On 11/8/12 1:45 AM, Elliott Sprehn wrote: > That means that I > doubt you'll get widgets being broken as Boris suggests because people > aren't going to accidentally modify the inside of your widget. The problems start when people _maliciously_ modify the inside of your widget. Again, with XBL you don't get to accidentally modify the insides of anonymous content (shadow) trees. But there were all sorts of attack scenarious where people could modify them at all. > I'd also hate to prevent future innovation like Google Feedback which > has turned out to be a critical component for Google product success. I would like to understand more here. How does preventing touching the shadow tree by default prevent something like Google Feedback? -Boris
Received on Thursday, 8 November 2012 16:14:02 UTC