W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: Fallout of non-encapsulated shadow trees

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 1 Jul 2014 19:00:05 -0700
Message-ID: <CAAWBYDAjBs7WHRBaisNoNgcuxVN4vbuBtk=w=VwxAUypusqyxQ@mail.gmail.com>
To: Brendan Eich <brendan@secure.meer.net>
Cc: Domenic Denicola <domenic@domenicdenicola.com>, "Edward O'Connor" <eoconnor@apple.com>, WebApps WG <public-webapps@w3.org>
On Tue, Jul 1, 2014 at 6:13 PM, Brendan Eich <brendan@secure.meer.net> wrote:
> Domenic Denicola wrote:
>> From: Brendan Eich [mailto:brendan@secure.meer.net]
>>> >  That is a false idol if it means no intermediate steps that explain
>>> > some but not all of the platform.
>> Sure. But I don't think the proposed type 2 encapsulation explains any of
>> the platform at all.
> Are you sure? Because Gecko has used XBL (1) to implement, e.g., <input
> type=file>, or so my aging memory says. That's "good enough" and it has
> shipped for years, unless I'm mistaken.

XBL is either type 3, or it's type 2 but weak/magical enough that it
doesn't actually expose anything.  Gecko does *not* today leak any
internal details of <input type=file>, in the way that type 2 web
components would leak; that would be a major security breach.
(Leaking other elements would be something between a bug and a
security breach, depending on the element.)

Received on Wednesday, 2 July 2014 02:00:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC