ACTION-120: Proposal for handling custom elements

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 29 Apr 2013 22:15:31 -0700
Message-ID: <CAJE5ia9QT7OZbH9tcZgWMtJ+XWeoJ9q+0VkfDZz+dWHKQqyEMA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

ACTION-120 asks me to make a proposal for how to handle custom
elements in CSP 1.1.  My proposal is to not change the spec.

Custom elements are defined in terms of built-in elements.  For
example, a custom element implementing the <picture> element (e.g.,
<my-picture>), would expand via its shadow DOM into a bunch of other
elements (e.g., <img> elements or other elements with a
background-image CSS property).  These built-in elements are already
subject to the CSP policy, so the custom element will work as expected
(e.g., the images displayed by <my-picture> would be subject to the
img-src directive in the CSP policy).

For that reason, I don't think we need to do anything specific for
custom elements in CSP.  Everything should just work as expected
without any changes.

Adam
Received on Tuesday, 30 April 2013 05:16:31 UTC
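
The behaviour described in the message, as an added example that is not part of the original post: a hypothetical `<my-picture>` element, written against today's Custom Elements API (`customElements.define`, which postdates this 2013 message), whose shadow DOM contains an `<img>` and a CSS background image, on a page whose policy sets only `img-src 'self'`. The `/a.png` path and the `img.example.com` host are constructed placeholders.

```html
<!doctype html>
<!-- Constructed demo page; serve it over http(s) so that 'self' names a real origin. -->
<meta charset="utf-8">
<!-- The policy names only img-src; it says nothing about custom elements. -->
<meta http-equiv="Content-Security-Policy" content="img-src 'self'">
<title>img-src applied inside a custom element's shadow DOM</title>

<!-- /a.png is a hypothetical same-origin file; img.example.com is a placeholder host. -->
<my-picture src="/a.png"></my-picture>
<my-picture src="https://img.example.com/b.png"></my-picture>
<pre id="log"></pre>

<script>
  // Hypothetical <my-picture>: expands into an <img> and a CSS background image.
  class MyPicture extends HTMLElement {
    connectedCallback() {
      const src = this.getAttribute('src');
      const root = this.attachShadow({ mode: 'open' });

      const img = document.createElement('img');
      img.src = src;                                 // image fetch: img-src applies

      const tile = document.createElement('div');
      tile.style.cssText = 'width:32px;height:32px';
      tile.style.backgroundImage = `url("${src}")`;  // also governed by img-src

      root.append(img, tile);
    }
  }

  // Violation events are composed, so they cross the shadow boundary and
  // reach a listener on document. Register it before the elements upgrade.
  document.addEventListener('securitypolicyviolation', (e) => {
    document.getElementById('log').textContent +=
      `${e.effectiveDirective} blocked ${e.blockedURI}\n`;
  });

  customElements.define('my-picture', MyPicture);
</script>
```

The second element's image loads are refused and logged under `img-src`, while the first element's same-origin loads are allowed, with no directive in the policy that mentions custom elements.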