[Bug 17761] New: Consider a src/href-like attribute for easy integration? from bugzilla@jessica.w3.org on 2012-07-12 (public-webapps-bugzilla@w3.org from July 2012)

From: <bugzilla@jessica.w3.org>
Date: Thu, 12 Jul 2012 16:29:01 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-17761-2532@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17761

           Summary: Consider a src/href-like attribute for easy
                    integration?
           Product: WebAppsWG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Component Model
        AssignedTo: dglazkov@chromium.org
        ReportedBy: bkardell@gmail.com
         QAContact: public-webapps-bugzilla@w3.org


Currently, my understanding is that you would have to add a script tag,
effectively to the head of your document containing the registration of the
custom components and then use them throughout with something like <div
is="blah">.  

This is less than ideal from a user's perspective as we'd like to be able to
take things like, say, a FaceBook "Like" component or a Google "+1" button and
just use it - sometimes in big enterprises, for example, the head comes from
some larger system which is out of your control and pieces of the page are
cobbled together.  Further, when I see is="blah" I am at a loss to know where
the related component script comes from...

Can we draw a page from things like <embed> and provide a simple means to tie
the relationship together and "prime the pump" just once for a particular uri? 
We have an open source project called hitchjs which lets you do all of this via
a url pattern, something like:

<div
data-hitch-widget="http://www.hitchjs.com/use/bkardell.social#fb-like"><div>

But you could easily break that down into something like

<div is="fb-like" package="http://www.hitchjs.com/use/bkardell.social"><div>

I understand that this may cause new security concerns with injection and needs
a lot more thought, but perhaps there is some inspiration that you could draw
in terms of adding some sort of whitelist trust declaration to the header or
something where you could say "I trust the stuff from xyz domain" or
something...  In the very least, you could restrict them to standard SOP and
that would let you use them in your own site a little clearer.

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Thursday, 12 July 2012 16:29:06 UTC