Re: [webcomponents] Encapsulation and defaulting to open vs closed (was in www-style)

On Thu, Feb 13, 2014 at 2:35 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, Feb 13, 2014 at 12:04 AM, Alex Russell <slightlyoff@google.com>
> wrote:
> > Until we can agree on this, Type 2 feels like an attractive nuisance
> and, on
> > reflection, one that I think we should punt to compilers like caja in the
> > interim. If toolkits need it, I'd like to understand those use-cases from
> > experience.
>
> I think Maciej explains fairly well in
> http://lists.w3.org/Archives/Public/public-webapps/2011AprJun/1364.html
> why it's good to have. Also, Type 2 can be used for built-in elements,
> which I thought was one of the things we are trying to solve here.


I encourage you to go through the exercise that arv has.

What does it mean, in practice, to *really* defend against "deliberate
access" (Maciej's Type 2). If you were to try to implement a built-in using
what, in your mind, is Type 2, would it work? Would you really be able to
hang privileged user access off that implementation?

Any time I consider the question, it leads me to want to lock down all
routes to access outside some (unspecified, and I fear unspecifiable until
we get *much* stronger primitives) relationship between a script execution
context and some subset of the DOM. This is painful because DOM makes
transport across "worlds" so trivial. Iframes, built-in-controls and caja
have all done this, but they do it by going for Type 4.

There is no spoon. Type 2 is a mirage.

Received on Thursday, 13 February 2014 19:21:45 UTC