This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 20468 - [Components]: specify link rel="components"
Summary: [Components]: specify link rel="components"
Status: RESOLVED FIXED
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: HISTORICAL - Component Model (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Dimitri Glazkov
QA Contact: public-webapps-bugzilla
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 20683
  Show dependency treegraph
 
Reported: 2012-12-21 01:33 UTC by John Messerly
Modified: 2013-03-07 23:27 UTC (History)
1 user (show)

See Also:


Attachments

Description John Messerly 2012-12-21 01:33:04 UTC
Apologies if I missed this. I saw it in the explainer but not in the current specs (template, shadow, component). 

I was asked a question today: is the component HTML file parsed as a normal HTML document (i.e. it should have doctype, html, body, etc) or can it just start with <element>? A related question is: what happens if it has other things, like top-level scripts that are not contained in <element>? I have my suspicion (that it is a normal HTML document) but it would be nice to have something a spec to point at.
Comment 1 Dominic Cooney 2012-12-21 07:13:09 UTC
I have heard an idea espoused that component documents *can* be HTML documents but elements outside component definitions are inert when loaded externally. Nor is the document accessible through DOM.

This allows “self documenting” components with documentation in the HTML file along with the component definition. That file may use instances of the components in the file. This can be viewed as a standalone document.

Of course, someone seeking to minimize size would not use self-documenting components in a production environment.

There is an attack vector where documents with inline component definitions are loaded cross-domain (basically the equivalent of cross-site script inclusion).

Thus the packaging specification should specify that CORS is required for cross-site components.