This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Apologies if I missed this. I saw it in the explainer but not in the current specs (template, shadow, component). I was asked a question today: is the component HTML file parsed as a normal HTML document (i.e. it should have doctype, html, body, etc) or can it just start with <element>? A related question is: what happens if it has other things, like top-level scripts that are not contained in <element>? I have my suspicion (that it is a normal HTML document) but it would be nice to have something a spec to point at.
I have heard an idea espoused that component documents *can* be HTML documents but elements outside component definitions are inert when loaded externally. Nor is the document accessible through DOM. This allows “self documenting” components with documentation in the HTML file along with the component definition. That file may use instances of the components in the file. This can be viewed as a standalone document. Of course, someone seeking to minimize size would not use self-documenting components in a production environment. There is an attack vector where documents with inline component definitions are loaded cross-domain (basically the equivalent of cross-site script inclusion). Thus the packaging specification should specify that CORS is required for cross-site components.
https://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/components/index.html#link-type-component