Bug 16509 - [Shadow]: Consider isolation
Summary: [Shadow]: Consider isolation
Status: RESOLVED DUPLICATE of bug 20144
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: HISTORICAL - Component Model (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Dimitri Glazkov
QA Contact: public-webapps-bugzilla
Depends on:
Blocks: 15480
  Show dependency treegraph
Reported: 2012-03-24 15:34 UTC by Dimitri Glazkov
Modified: 2014-11-19 04:49 UTC (History)
9 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Dimitri Glazkov 2012-03-24 15:34:28 UTC
Add "isolated" flag to the plumbing, which would:

* Make shadow DOM nodes have a different owner doc
* Eliminate paths for reaching DOM information outside
Comment 1 Dimitri Glazkov 2012-06-08 21:04:19 UTC
* also need to re-create event object
* prototypes that it sees need to be from that other frame.
Comment 2 Dominic Cooney 2012-06-18 03:09:30 UTC
For context, could you explain a use case for "isolated"? It would seem that just getting a reference to the host or ShadowRoot across different security contexts will be thwarted by existing SOP protections.

One case that might be interesting is if attaching a ShadowRoot to an iframe has special semantics and <content> element there can pick children of the frame’s content document’s body.

> * Eliminate paths for reaching DOM information outside

Do changes to lower boundary encapsulation, where event handlers attached in the Shadow DOM can observe elements in the light DOM which were distributed into the shadow, need to be special-cased for isolated Shadow DOM?

> * prototypes that it sees need to be from that other frame.

I believe that this is already the case, for example if you do

new ShadowRoot(e)

where e is an element from a frame but new ShadowRoot is run in the context of another frame/parent frame/etc. See my comments on bug 17447.
Comment 3 Dimitri Glazkov 2012-10-02 18:25:28 UTC
Also needs to have a different scripting context.
Comment 4 Dominic Cooney 2014-02-27 02:01:01 UTC
Are there any use cases of projection with isolation?
Comment 5 Maciej Stachowiak 2014-04-11 18:50:45 UTC
Besides DOM encapsulation, a separate scripting environment (different world or global object), and a separate owner document and set of DOM prototypes, full isolation also requires a way to sanitize JS values that are passed to or returned from exported methods (something like the Worker structured clone algorithm but at minimum it also needs to be able to handle DOM nodes that have different wrappers inside and outside the component).
Comment 6 Hayato Ito 2014-11-19 04:49:40 UTC

*** This bug has been marked as a duplicate of bug 20144 ***