W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Custom element lifecycle callbacks

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 9 Jan 2015 13:14:18 +0100
Message-ID: <CADnb78gKbmiedWpdk+2kncXfdivcsU9wJ8Zq91BY5JyGivVgQA@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: WebApps WG <public-webapps@w3.org>
On Fri, Jan 9, 2015 at 12:29 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> Ok, what about this testcase:
>   var parent = document.createElement("x-my-element");
>   var input = document.createElement("input");
>   parent.appendChild(input);
>   input.value = "file:///etc/passwd";
>   parent.cloneNode(true);
> and then in the cloning callback for x-my-element, assuming "newNode" is the
> clone:
>   newNode.firstChild.type = "file";
> That seems to me like it would do the type set before the cloning callback
> for the input runs, right?

Both parent and input need to be cloned in this case. While parent's
callback runs it changes the type of input, at which point input's
callback runs. So, yes.

It's a bit unclear to me why "When an input element's type attribute
changes state" does not sanitize this value in any way though or how
cloning it makes it a security concern.

Received on Friday, 9 January 2015 12:14:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:43 UTC