This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Step 3.7 of the element constructor algorithm may bleed a definition across registration contexts. For example: 1. Create a Custom Element in an iframe. 2. Disclose the constructor to a different window using JavaScript. 3. Call the constructor from JavaScript in that window. Step 3.7 is problematic because it initializes the element and calls the ready callback. But this could be happening in a different registration context (and in fact the original frame may be gone.) I think the element constructor algorithm needs to add a step: 3.0 If DOCUMENT's CONTEXT is different to the CONTEXT associated with DEFINITION, throw an InvalidStateError.
https://dvcs.w3.org/hg/webcomponents/rev/723367db9fa7