A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on IRC (such as one of these permanent autoconfirmed members).

Component Model Strawman: Isolation

From WHATWG Wiki
Jump to: navigation, search

Overview

Terms

  • Confined: disallow a component from accessing the containing page. Useful when a page does not trust the component or its source.
  • Encapsulated: disallow the containing page from accessing the internals of the component. Useful when a component wants to prevent a page from meddling with it.
  • Isolated: a component that is both confined and encapsulated.

Considerations

Autonomy

Components should be autonomous entities that can be loaded and applied as a single building block. Avoid requiring extensive manipulations on both side of the page <=> component divide.

This will also help in implementing decorators.

Interface

The interface of a component should be minimal and well defined. Embedding pages should not be required (nor able to in the case of encapsulation) to access, or even know about, the internals of a component. Conversely, the function of a component should not depend on being able to access the DOM or any other information of the hosting page that is not provided through an interface.

The component should be able to apply and filter data and styles passed in as it sees fit.

Transparency

Whether or not a component is isolated should ideally be transparent to both the component and the hosting DOM.

Loading an External HTML Resource

The element registration and template definition also can be done in an external, separate HTML resource. Author can define a set of elements inside the external HTML and use it in different HTML pages.

Effective markup vocabulary for the external HTML is limited. Agents only recognize the first head element and its descendant.


<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>

The host document

The document which hosts an external HTML file is called a "host document". Any HTML document can host be a host document.

If author add a link element with its rel attribute set to component to a apge, the page hosts the linked HTML resource.

In this example, the document hosts comment.html.


<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html">
  </head>
</html>

The confined attribute

Author can add the confined attribute to confine the component definition.


<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html" confined>
  </head>
</html>

Shared Hosting

If an author hosts an external HTML without specifying confined attribute, the HTML is hosted as a shared resource. That means, agents insert head children of the hosted document into the host document's head. Each script execution inside hosted HTML shares the global object with its host document.


In this example, the host document eventually has an element element named x-comment.


<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">..</element>
  </head>
</html>

<!-- host document -->
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html">
    <script>
    var shouldNotNull = document.querySelector("element[name=x-comment]");
    </script>
  </head>
</html>

Confined Hosting

If an author hosts an external HTML without specifying confined attribute, the HTML is hosted as a confined resource.

A confined resource has its document object. Any scripts inside the confined resource are run on its own global object.

Conceptually, a confined resource is similar to a document in a cross-domain frame. For example, the script on the confined resource can make a XMLHttpRequest to its own domain, instead of the host domain.


<!-- comment.html -->
<html>
  <head>
    <element name="x-comment">
       <script>
         console.log(document.location.toString()); // prints the url of comment.html 
       <script>
    </element>
  </head>
</html>

<!-- host document -->
<html>
  <head>
    <link rel=”component” type=”text/html” href="comment.html" confined>
  </head>
</html>

Registered Elements in a Confined Resource

The host document recognize an element name which is registered in the hosting confined documents, not only