Re: [webcomponents]: Making Shadow DOM Subtrees Traversable

Quick update: we had a really productive lunch with a bunch of Mozilla and
Google peeps (cc'd)

After mulling this whole thing over, we're decided keep shadow trees
traversable with a special provision for built-in HTML elements (UA shadow
trees) to be non-traversable, per spec.

We reached this conclusion after conducting a thought exercise of trying to
gain entry into an imaginary private shadow tree, which exists in the same
scripting context as the document, just using existing Web platform API --
as you may guess, it's not that difficult.

However, to allow developers a degree of enforcing integrity of their
shadow trees, we are going add a new mode, an equivalent of a "KEEP OUT"
sign, if you will, which will makes a shadow tree non-traversable,
effectively skipping over it in an element's shadow tree stack.

We couldn't come up with a good name for this mode. "Private" conveys false
expectations of being any sort of security primitive. "Hidden" is unclear
in purpose. "Get-Off-My-Lawn" is perfect, but a touch too wordy.

We will also pursue, as a second phase of Shadow DOM spec, a way to create
shadow trees that exist in a separate scripting context and a separate
document, but render as part of the main document. These will provide the
necessary security guarantees and finally bring the candy trees and
unicorns to the Web platform.


Received on Tuesday, 12 March 2013 21:20:00 UTC