- From: <simon.madine@nokia.com>
- Date: Fri, 22 Jul 2011 07:30:39 +0000
I've been working with a JS polyfill to enable scoped styles optionally including or excluding the direct parent element and, from a CSS writing point-of-view, it feels more natural to be able to affect the parent. The scoped block essentially has influence over the elements it can directly 'see' - parent and siblings. Either way, there's going to be a neutral container element so it comes down to whether that would be better provided by the author of the page or the author of the included block. Simon ________________________________________ From: whatwg-bounces@lists.whatwg.org [whatwg-bounces@lists.whatwg.org] on behalf of ext Kornel Lesi?ski [kornel@geekhood.net] Sent: 20 July 2011 22:37 To: ash at ashleysheridan.co.uk Cc: whatwg Subject: Re: [whatwg] Selectors within <style scoped> On Wed, 20 Jul 2011 20:55:51 +0100, Ashley Sheridan <ash at ashleysheridan.co.uk> wrote: >> <div id=widget> >> <style scoped> >> #widget foo {} >> </style> >> </div> > > While I agree that that might be a common pattern, I disagree that it's > actually a good one. Consider an ad service which wraps everything in a > custom <div> tag. If the scope allowed the immediate parent to be > included as part of the scope, then it could allow the advert to be > altered in a way that could negatively affect the users of the site the > ad appeared on. The site could wrap the ad in another div to prevent that (and this is typical when the site wants to create fixed-size ad slot). > The purpose of scope in the style seems to be to protect elements > outside of the included content and to 'contain' the included content > that has the <style scoped> element in it, presumably because it's > coming from an external source. If you allowed the immediate parent as > your example, then it could allow the 3rd parties who created the advert > to take over the element beyond what the advert service would prefer to > be allowed. For rogue 3rd parties there's <iframe> in seamless and sandboxed flavors. If author is allowing untrusted and misbehaving code in the DOM, then it's already game over ? the ad can do anything, including creating <style> without scope and modifying other stylesheets. Even scoped style could use position:absolute or fixed to modify looks of something outside the element. -- regards, Kornel Lesi?ski
Received on Friday, 22 July 2011 00:30:39 UTC