- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 25 Feb 2013 12:54:03 -0500
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- CC: public-webapps <public-webapps@w3.org>
On 2/25/13 12:38 PM, Tab Atkins Jr. wrote: > Still, though, the "private by default" impulse is nearly always > wrong That's an interesting claim. Do you think that C++ classes should be public by default? (Binary patching that can mess even with private members notwithstanding for now) > and contrary to a lot of patterns on the web This is at least partly a historical artifact of two things: 1) The web was not originally designed for serious application development. 2) There is no way to do private by default right now, really. There are some things you can try to do with closures and whatnot, but the shared global makes even those not exactly private. > the current status quo, where shadow DOM is hidden from everything > unless you're explicitly looking for it, is necessary for *lots* of > useful and completely benign things. I think we may have different definitions of "benign"... > If you want high integrity (not security - this is a much broader > concept), it's expensive. This is always true, because low-integrity > things are *useful*, and people often try to reach for high-integrity > without thinking through its downsides. I can assure you that I have thought through the downsides of high-integrity and low-integrity components, both. Furthermore, we at Mozilla have a .... lot of implementation experience with the low-integrity version. It's been a constant battle against people monkeypatching things in ways that totally fail if you change the implementation at all, and I'm not sure why we should impose such a battle on component developers by default. -Boris
Received on Monday, 25 February 2013 17:54:31 UTC