Re: [webcomponents]: Making Shadow DOM Subtrees Traversable from Dimitri Glazkov on 2013-03-12 (public-webapps@w3.org from January to March 2013)

From: Dimitri Glazkov <dglazkov@chromium.org>
Date: Tue, 12 Mar 2013 14:19:27 -0700
To: Blake Kaplan <mrbkap@gmail.com>, Boris Zbarsky <bzbarsky@mit.edu>, Elliott Sprehn <esprehn@gmail.com>, William Chen <wchen@mozilla.com>, Daniel Buchner <daniel@mozilla.com>, Jonas Sicking <jonas@sicking.cc>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <CADh5Ky0XM8_KhOEm1Qs2RiJGETGEGgOk2RHMUSawgVLPeezzww@mail.gmail.com>

Quick update: we had a really productive lunch with a bunch of Mozilla and
Google peeps (cc'd)

After mulling this whole thing over, we're decided keep shadow trees
traversable with a special provision for built-in HTML elements (UA shadow
trees) to be non-traversable, per spec.

We reached this conclusion after conducting a thought exercise of trying to
gain entry into an imaginary private shadow tree, which exists in the same
scripting context as the document, just using existing Web platform API --
as you may guess, it's not that difficult.

However, to allow developers a degree of enforcing integrity of their
shadow trees, we are going add a new mode, an equivalent of a "KEEP OUT"
sign, if you will, which will makes a shadow tree non-traversable,
effectively skipping over it in an element's shadow tree stack.

We couldn't come up with a good name for this mode. "Private" conveys false
expectations of being any sort of security primitive. "Hidden" is unclear
in purpose. "Get-Off-My-Lawn" is perfect, but a touch too wordy.

We will also pursue, as a second phase of Shadow DOM spec, a way to create
shadow trees that exist in a separate scripting context and a separate
document, but render as part of the main document. These will provide the
necessary security guarantees and finally bring the candy trees and
unicorns to the Web platform.

:DG<

Received on Tuesday, 12 March 2013 21:20:00 UTC