A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).

Component Model Strawman: Isolation: Difference between revisions

From WHATWG Wiki
Jump to navigation Jump to search
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Overview =


= Overview =
== Terms ==
 
* '''Confined''': disallow a component from accessing the containing page. Useful when a page does not trust the component or its source.
* '''Encapsulated''': disallow the containing page from accessing the internals of the component. Useful when a component wants to prevent a page from meddling with it.
* '''Isolated''': a component that is both confined and encapsulated.
 
== Considerations ==
 
=== Autonomy ===
 
Components should be autonomous entities that can be loaded and applied as a single building block. Avoid requiring extensive manipulations on both side of the page <=> component divide.
 
This will also help in implementing decorators.
 
=== Interface ===
 
The interface of a component should be minimal and well defined. Embedding pages should not be required (nor able to in the case of encapsulation) to access, or even know about, the internals of a component. Conversely, the function of a component should not depend on being able to access the DOM or any other information of the hosting page that is not provided through an interface.
 
The component should be able to apply and filter data and styles passed in as it sees fit.
 
=== Transparency ===
 
Whether or not a component is isolated should ideally be transparent to both the component and the hosting DOM.
 
= Loading an External HTML Resource =
 
The element registration and template definition also can be done in an external, separate HTML resource.
Author can define a set of elements inside the external HTML and use it in different HTML pages.
 
Effective markup vocabulary for the external HTML is limited.
Agents only recognize the first <tt>head element</tt> and its descendant.
 
<pre>
 
<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>
 
</pre>
 
== The host document ==
 
The document which hosts an external HTML file is called a "host document".
Any HTML document can host be a host document.
 
If author add a <tt>link</tt> element with its <tt>rel</tt> attribute set to <tt>component</tt> to a apge,
the page hosts the linked HTML resource.
 
In this example, the document hosts <tt>comment.html</tt>.
 
<pre>
 
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html">
  </head>
</html>


= Loading a HTML Resource =
</pre>


== The <tt>confined</tt> attribute ==


The element registration and template definition are also done in a separate HTML.
Author can add the <tt>confined</tt> attribute to confine the component definition.
Effective markup vocabulary for the defining HTML is limited.
Agents only recognize a head element as a child of the root element when the HTML document is loaded as required.


<pre>
<pre>
Line 13: Line 71:
<html>
<html>
   <head>
   <head>
     <element for="x-comment">..</element>
     <link rel=”component” type=”text/html” href="comment.html" confined>
   </head>
   </head>
</html>
</html>
Line 19: Line 77:
</pre>
</pre>


The host element can load the html with element definition using a <tt>link</tt> element with its <tt>rel</tt> attribute set to <tt>component</tt>.  
= Shared Hosting =
 
If an author hosts an external HTML without specifying <tt>confined</tt> attribute,
the HTML is hosted as a shared resource.
That means, agents insert <tt>head</tt> children of the hosted document
into the host document's <tt>head</tt>.
Each script execution inside hosted HTML shares the global object with its host document.
 
 
In this example, the host document eventually has an <tt>element</tt> element named <tt>x-comment</tt>.


<pre>
<pre>


<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>
<!-- host document -->
<html>
<html>
   <head>
   <head>
     <link rel=”component” type=”text/html” href="comment.html">
     <link rel=”component” type=”text/html” href="comment.html">
    <script>
    var shouldNotNull = document.querySelector("element[name=x-comment]");
    </script>
  </head>
</html>
</pre>
= Confined Hosting =
If an author hosts an external HTML without specifying <tt>confined</tt> attribute,
the HTML is hosted as a confined resource.
A confined resource has its document object. Any scripts inside the confined resource
are run on its own global object.
Conceptually, a confined resource is similar to a document in a cross-domain frame.
For example, the script on the confined resource can make a XMLHttpRequest to its own domain, instead of the host domain.
<pre>
<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">
      <script>
        console.log(document.location.toString()); // prints the url of comment.html
      <script>
    </element>
  </head>
</html>
<!-- host document -->
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html" confined>
   </head>
   </head>
</html>
</html>


</pre>
</pre>
== Registered Elements in a Confined Resource ==
The host document recognize an element name which is registered in the hosting confined documents, not only

Latest revision as of 00:33, 29 October 2011

Overview

Terms

  • Confined: disallow a component from accessing the containing page. Useful when a page does not trust the component or its source.
  • Encapsulated: disallow the containing page from accessing the internals of the component. Useful when a component wants to prevent a page from meddling with it.
  • Isolated: a component that is both confined and encapsulated.

Considerations

Autonomy

Components should be autonomous entities that can be loaded and applied as a single building block. Avoid requiring extensive manipulations on both side of the page <=> component divide.

This will also help in implementing decorators.

Interface

The interface of a component should be minimal and well defined. Embedding pages should not be required (nor able to in the case of encapsulation) to access, or even know about, the internals of a component. Conversely, the function of a component should not depend on being able to access the DOM or any other information of the hosting page that is not provided through an interface.

The component should be able to apply and filter data and styles passed in as it sees fit.

Transparency

Whether or not a component is isolated should ideally be transparent to both the component and the hosting DOM.

Loading an External HTML Resource

The element registration and template definition also can be done in an external, separate HTML resource. Author can define a set of elements inside the external HTML and use it in different HTML pages.

Effective markup vocabulary for the external HTML is limited. Agents only recognize the first head element and its descendant.


<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>

The host document

The document which hosts an external HTML file is called a "host document". Any HTML document can host be a host document.

If author add a link element with its rel attribute set to component to a apge, the page hosts the linked HTML resource.

In this example, the document hosts comment.html.


<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html">
  </head>
</html>

The confined attribute

Author can add the confined attribute to confine the component definition.


<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html" confined>
  </head>
</html>

Shared Hosting

If an author hosts an external HTML without specifying confined attribute, the HTML is hosted as a shared resource. That means, agents insert head children of the hosted document into the host document's head. Each script execution inside hosted HTML shares the global object with its host document.


In this example, the host document eventually has an element element named x-comment.


<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>

<!-- host document -->
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html">
    <script>
    var shouldNotNull = document.querySelector("element[name=x-comment]");
    </script>
  </head>
</html>

Confined Hosting

If an author hosts an external HTML without specifying confined attribute, the HTML is hosted as a confined resource.

A confined resource has its document object. Any scripts inside the confined resource are run on its own global object.

Conceptually, a confined resource is similar to a document in a cross-domain frame. For example, the script on the confined resource can make a XMLHttpRequest to its own domain, instead of the host domain.


<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">
       <script>
         console.log(document.location.toString()); // prints the url of comment.html 
       <script>
    </element>
  </head>
</html>

<!-- host document -->
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html" confined>
  </head>
</html>

Registered Elements in a Confined Resource

The host document recognize an element name which is registered in the hosting confined documents, not only