Re: Fallout of non-encapsulated shadow trees

Hi,

Maciej said:

>> I agree with the need for encapsulation in Web Components and have
>> been arguing for it for a long time. Currently, despite agreement
>> dating back several years, it doesn’t even offer a mode with better
>> encapsulation. Now that the non-encapsulation version has shipped in
>> Chrome, it may be hard to change other than by renaming everything.
>>
>> Web Components as currently designed cannot explain the behavior of
>> any built-in elements (except maybe those which can be explained with
>> CSS alone).

Domenic replied:

> From what I remember, you were arguing for some kind of soft
> encapsulation, which could be broken by e.g. overwriting
> Object.getOwnPropertyDescriptor [etc…]

Type 2 encapsulation ("Encapsulation against deliberate access" in
Maciej's original email[1]) isn't a security boundary protecting the
component from the containing page. Type 2 is simply the idea that we
should not provide API for outside code to poke into the component's
shadow DOM without some kind of explicit buy-in (exporting, etc.) by the
component's author. Page authors could hack around it and get at the
internals if they really, really wanted to. But their code to do this
would look bad and they should feel bad for writing it. :)

Exposing the shadow DOM of an element to everyone with API means that
the entire contour of that DOM is now API. That's bad. Half the point of
having a component model is to allow component authors to hide their
implementation details so they can change them without breaking people
using their component.

> But soft encapsulation is just as useless for explaining the platform
> as no encapsulation at all.

I think "just as useless" overstates your case. Type 2 allows you to
hide implementation details of your component from authors better than
Type 1 does. Yes, it's not isolation for security purposes, so it
doesn't get you the whole way, but like Brendan said, we shouldn't let
the perfect be the enemy of the good.


Ted

1. http://lists.w3.org/Archives/Public/public-webapps/2011AprJun/1364.html

Received on Wednesday, 2 July 2014 00:27:00 UTC
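
An added example, not part of the email above, illustrating the distinction Ted draws: an exposed shadow tree, a tree with no public accessor (Type 2), and why the latter is still not a security boundary against page code. It assumes the `attachShadow({mode})` / `shadowRoot` API that browsers shipped later, and the `Element` class, `createWidget`, `publicView` and `wrapAttachShadow` are stand-ins constructed here so the block runs outside a browser.

```javascript
// Stand-in for the browser DOM, constructed for this example so it runs in Node.
// It models only what matters here: attachShadow({mode}) and the shadowRoot getter.
const internalRoot = new WeakMap(); // plays the role of the element's internal slot

class Element {
  attachShadow({ mode }) {
    const root = { host: this, mode, children: [] };
    internalRoot.set(this, root);
    return root;
  }
  get shadowRoot() {
    const root = internalRoot.get(this);
    return root && root.mode === 'open' ? root : null; // closed: no public accessor
  }
}

// Hypothetical component whose shadow tree is an implementation detail.
function createWidget(mode) {
  const host = new Element();
  host.attachShadow({ mode }).children.push('inner-button');
  return host;
}

// What ordinary page code sees through the public API.
function publicView(host) {
  return host.shadowRoot ? host.shadowRoot.children.slice() : null;
}

// Page code that runs before the component and wraps the built-in. This is the
// deliberate workaround the email describes: possible, but visibly a hack, and
// the reason a closed tree must not be relied on to keep secrets from the page.
function wrapAttachShadow() {
  const seen = new WeakMap();
  const original = Element.prototype.attachShadow;
  Element.prototype.attachShadow = function (init) {
    const root = original.call(this, init);
    seen.set(this, root);
    return root;
  };
  return {
    rootOf: (host) => seen.get(host) || null,
    restore: () => { Element.prototype.attachShadow = original; },
  };
}
```

A component that must keep data away from the embedding page needs real isolation, such as a cross-origin iframe, rather than a closed shadow root.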