W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

ACTION-120: Proposal for handling custom elements

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 29 Apr 2013 22:15:31 -0700
Message-ID: <CAJE5ia9QT7OZbH9tcZgWMtJ+XWeoJ9q+0VkfDZz+dWHKQqyEMA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
ACTION-120 asks me to make a proposal for how to handle custom
elements in CSP 1.1.  My proposal is to not change the spec.

Custom elements are defined in terms of built-in elements.  For
example, a custom element implementing the <picture> element (e.g.,
<my-picture>), would expand via its shadow DOM into a bunch of other
elements (e.g., <img> elements or other elements with a
background-image CSS property).  These built-in elements are already
subject to the CSP policy, so the custom element will work as expected
(e.g., the images displayed by <my-picture> would be subject to the
img-src directive in the CSP policy).

For that reason, I don't think we need to do anything specific of
custom elements in CSP.  Everything should just work as expected
without any changes.

Received on Tuesday, 30 April 2013 05:16:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:32 UTC