- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Tue, 1 Jul 2014 19:00:05 -0700
- To: Brendan Eich <brendan@secure.meer.net>
- Cc: Domenic Denicola <domenic@domenicdenicola.com>, "Edward O'Connor" <eoconnor@apple.com>, WebApps WG <public-webapps@w3.org>
On Tue, Jul 1, 2014 at 6:13 PM, Brendan Eich <brendan@secure.meer.net> wrote: > Domenic Denicola wrote: >> >> From: Brendan Eich [mailto:brendan@secure.meer.net] >>> >>> > That is a false idol if it means no intermediate steps that explain >>> > some but not all of the platform. >> >> >> Sure. But I don't think the proposed type 2 encapsulation explains any of >> the platform at all. > > > Are you sure? Because Gecko has used XBL (1) to implement, e.g., <input > type=file>, or so my aging memory says. That's "good enough" and it has > shipped for years, unless I'm mistaken. XBL is either type 3, or it's type 2 but weak/magical enough that it doesn't actually expose anything. Gecko does *not* today leak any internal details of <input type=file>, in the way that type 2 web components would leak; that would be a major security breach. (Leaking other elements would be something between a bug and a security breach, depending on the element.) ~TJ
Received on Wednesday, 2 July 2014 02:00:51 UTC