Re: [webcomponents]: Making Shadow DOM Subtrees Traversable

On 2/25/13 12:38 PM, Tab Atkins Jr. wrote:
> Still, though, the "private by default" impulse is nearly always
> wrong

That's an interesting claim.  Do you think that C++ classes should be 
public by default?  (Binary patching that can mess even with private 
members notwithstanding for now)

> and contrary to a lot of patterns on the web

This is at least partly a historical artifact of two things:

1)  The web was not originally designed for serious application development.

2)  There is no way to do private by default right now, really.  There 
are some things you can try to do with closures and whatnot, but the 
shared global makes even those not exactly private.

> the current status quo, where shadow DOM is hidden from everything
> unless you're explicitly looking for it, is necessary for *lots* of
> useful and completely benign things.

I think we may have different definitions of "benign"...

> If you want high integrity (not security - this is a much broader
> concept), it's expensive.  This is always true, because low-integrity
> things are *useful*, and people often try to reach for high-integrity
> without thinking through its downsides.

I can assure you that I have thought through the downsides of 
high-integrity and low-integrity components, both.  Furthermore, we at 
Mozilla have a .... lot of implementation experience with the 
low-integrity version.  It's been a constant battle against people 
monkeypatching things in ways that totally fail if you change the 
implementation at all, and I'm not sure why we should impose such a 
battle on component developers by default.


Received on Monday, 25 February 2013 17:54:31 UTC