16509 2012-03-24 15:34:28 +0000 [Shadow]: Consider isolation 2014-11-19 04:49:40 +0000 1 1 1 Unclassified WebAppsWG HISTORICAL - Component Model unspecified PC All RESOLVED DUPLICATE 20144 P2 normal --- 15480 1 dglazkov dglazkov art.barstow dev.akhawe dominicc ericbidelman erights hayato mathias mjs mnot public-webapps-bugzilla oldest_to_newest 66016 0 dglazkov 2012-03-24 15:34:28 +0000 Add "isolated" flag to the plumbing, which would: * Make shadow DOM nodes have a different owner doc * Eliminate paths for reaching DOM information outside 68884 1 dglazkov 2012-06-08 21:04:19 +0000 * also need to re-create event object * prototypes that it sees need to be from that other frame. 69183 2 dominicc 2012-06-18 03:09:30 +0000 For context, could you explain a use case for "isolated"? It would seem that just getting a reference to the host or ShadowRoot across different security contexts will be thwarted by existing SOP protections. One case that might be interesting is if attaching a ShadowRoot to an iframe has special semantics and <content> element there can pick children of the frame’s content document’s body. > * Eliminate paths for reaching DOM information outside Do changes to lower boundary encapsulation, where event handlers attached in the Shadow DOM can observe elements in the light DOM which were distributed into the shadow, need to be special-cased for isolated Shadow DOM? > * prototypes that it sees need to be from that other frame. I believe that this is already the case, for example if you do new ShadowRoot(e) where e is an element from a frame but new ShadowRoot is run in the context of another frame/parent frame/etc. See my comments on bug 17447. 75083 3 dglazkov 2012-10-02 18:25:28 +0000 Also needs to have a different scripting context. 101491 4 dominicc 2014-02-27 02:01:01 +0000 Are there any use cases of projection with isolation? 103771 5 mjs 2014-04-11 18:50:45 +0000 Besides DOM encapsulation, a separate scripting environment (different world or global object), and a separate owner document and set of DOM prototypes, full isolation also requires a way to sanitize JS values that are passed to or returned from exported methods (something like the Worker structured clone algorithm but at minimum it also needs to be able to handle DOM nodes that have different wrappers inside and outside the component). 115092 6 hayato 2014-11-19 04:49:40 +0000 *** This bug has been marked as a duplicate of bug 20144 ***