Webcomponents: Generic programs can't reliably use/manipulate documents via the DOM

|s", applications build by divs and spans, filled
by another ||divs and spans generated via XMLHTTPRequest... same diff
for you (no officially described semantics what so ever), huge
difference for those who write/maintain such projects.

Instead of refusing several years of discussions, the way to solve this
is come up with set of attributes that would be useful to
expose/describe, the same way WAI-ARIA works to describe authored
controls. Do you want to be informed about the fact that control is
editable?
"
Suppose a library wanted to provide an easy way to attach keyboard
shortcuts to a page, except when the user is entering text into an input
(||, || |<* contenteditable="true">|, etc.). This<br /> library will function incorrectly (ie. interpret input-generating<br /> keypresses as keyboard shortcuts) for any pages containing an input<br /> inside a closed shadow DOM.<br /> "<br /> let's introduce editable attribute, that would be default on controls<br /> mentioned above (unless readonly/disabled) and can be used on other<br /> controls. This is the way how it worked before (e.g. input extensions)<br /> and how it could work again. If you have experience with this, if you<br /> have some numbers of those attributes in mind, offer them.</p> <p>Solution we have now is not perfect, but we should work on it, not just<br /> simply say "it has few issues, so forget about it all"</p> <p>-- </p> <pre><code class="prettyprint"> Bronislav Klučka </code></pre> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/13207465?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt=" picture"> <strong>BronislavKlucka</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> </div> <div class="col-12"> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="9295564578" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <div class="col-12 d-flex align-items-center mb-4"> <h2>All 67 comments</h2> </div> <div class="col-12"> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>If the DOM is supposed to be an effective API for developers other than document/component authors, then closed shadow DOMs are directly harmful. I propose depreciating mode and dropping closed shadow DOMs completely.</p> </blockquote> <p>I think this statement is too generic. Closed shadow DOM is VERY useful in masking the author from the unnecessary details of the internals of standard HTML elements but harmful otherwise.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 8 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Closed shadow DOM is VERY useful in masking the author from the unnecessary details of the internals of standard HTML elements</p> </blockquote> <p>I think the "standard" part here is important: how is any code not written by the document author supposed to deal with the myriad possible non-standard elements otherwise? The specs dictate that the standard elements should behave in the manner anyway, with or without a closed shadow DOM feature.</p> <p>I'll concede an edit, regardless.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 8 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>A generic program (ie. a program that uses the DOM to interact with a document of which it has no prior knowledge) has no reliable interface with which it can interact with and/or monitor documents</p> </blockquote> <p>What are examples of such a library / framework / program? The only concrete example people have presented so far is Google Feedback (it creates a screenshot of a Google property in JS). But any first-party feature like that could assume that everyone uses the same library or even a convention used on websites, e.g. shadowRoot is always exposed via <code>_shadowRoot()</code>, to implement such a feature. So the case in which components are written by the first party isn't the interesting case.</p> <p>Now, let us consider the case where components are written by third party developers, or different teams within an organization with tens of thousands of developers. In this case, it's not trivial to write a code that walks across shadow trees of components written by different teams or third parties. However, this can also be a benefit. If one of those teams decide to change the internal DOM structures of a component, any JS code that relies on certain DOM structure in that component's shadow DOM would break.</p> <p>In fact, this is a feature of Web Components API since the intent of Web Components API is to let developers write a custom HTML element that hides its internal structure in favor of providing a public API like any builtin HTML element. If it was so easy to travers and interact with each component's shadow tree, it would defeat the whole point of encapsulation. Instead, any generic code that walks across DOM to do some work should be treating each custom element instance like a regular builtin HTML element.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 9 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I think the "standard" part here is important: how is any code not written by the document author supposed to deal with the myriad possible non-standard elements otherwise? The specs dictate that the standard elements should behave in the manner anyway, with or without a closed shadow DOM feature.</p> </blockquote> <p>The same we'd deal with video elements, input elements, etc... which can be modeled as builtin elements with UA shadow roots (WebKit and Blink DO use shadow roots to implement these elements).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 9 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>What are examples of such a library / framework / program?</p> </blockquote> <p>My classic examples are:</p> <ul> <li>browser extensions (specifically <a rel="nofollow noopener" target="_blank" href="https://developer.mozilla.org/en-US/Add-ons/WebExtensions">WebExtensions</a>)<br /> <ul><br /> <li><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/vimium/dbepggeogbaibhgnhhndojpepiihcmeb?hl=en">Vimium</a> for Chrome is a solid example that closed DOMs hurt</li><br /> </ul></li> <li>bookmarklets (ie. bookmarks with <code>javascript:</code> URIs)</li> <li>in-browser testing frameworks<br /> <ul><br /> <li>e.g. <a rel="nofollow noopener" target="_blank" href="http://www.seleniumhq.org/">Selenium</a> WebDriver</li><br /> </ul></li> <li>generic libraries (e.g. for jQuery)</li> <li>programs using a spec.-compliant DOM API outside of a browser.<br /> <ul><br /> <li><a rel="nofollow noopener" target="_blank" href="http://phantomjs.org/">PhantomJS</a> programs will suffer from this if/when it is updated to use a newer WebKit</li><br /> <li>Programs using a node.js library (eg. <a rel="nofollow noopener" target="_blank" href="https://www.npmjs.com/package/jsdom">jsdom</a>) which meets the spec. will struggle similarly</li><br /> </ul></li> <li>any other accessibility, testing or automation framework that uses the DOM as its interface to the document.</li> </ul> <blockquote> <p>In this case, it's not trivial to write a code that walks across shadow trees of components written by different teams or third parties.</p> </blockquote> <p>I thought this was the point of shadow DOM: to make it harder. If your (generic) program needs to support the increasing number of shadow DOM enabled documents, then it seems pretty manageable to me (unless I've missed anything):</p> <ul> <li>use <code>event.path[0]</code> instead of <code>event.target</code></li> <li>recursively walk down shadow DOMs of <code>activeElement</code> from <code>document</code>, instead of <code>document.activeElement</code></li> <li>any DOM traversal just needs to check for and walk into a <code>shadowRoot</code> when element an element has one, falling back to normal walking through children</li> <li>add a listener to <code>blur</code>/<code>focus</code>/etc. events on each <code>shadowRoot</code> in <code>event.path</code> (to capture changes of focus within a shadow DOM)</li> </ul> <blockquote> <p>any JS code that relies on certain DOM structure in that component's shadow DOM would break.</p> </blockquote> <p>I agree that this is undesirable. But any JS code doesn't rely on (or even know about) components and their closed shadow DOMs, but need access to them, are broken by their use in the first place. I don't think the extra (circumventable) safety warrants the (often uncircumventable) breakage for this code.</p> <blockquote> <p>any generic code that walks across DOM to do some work should be treating each custom element instance like a regular builtin HTML element.</p> </blockquote> <blockquote> <p>The same we'd deal with video elements, input elements, etc... which can be modeled as builtin elements with UA shadow roots (WebKit and Blink DO use shadow roots to implement these elements).</p> </blockquote> <p>We know what to do with regular builtin HTML elements. The only thing we can do with custom elements we don't know about is ignore them. This is a failure of the DOM.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 9 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@mrmr1993</strong> I can definitely see how Vimium would need access to all shadow DOM - including standard elements. It would be easier for programs that don't require access to these internals to explicitly exclude them like <a rel="nofollow noopener" target="_blank" href="https://github.com/dequelabs/axe-core/blob/shadowDOM/lib/core/utils/composed-tree.js#L73">axe-core is planning to do for the <code><marquee></code> element</a> - which appears with an open shadow DOM in Chrome.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 9 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <ul> <li>browser extensions (specifically <a rel="nofollow noopener" target="_blank" href="https://developer.mozilla.org/en-US/Add-ons/WebExtensions">WebExtensions</a>)<br /> <ul><br /> <li><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/vimium/dbepggeogbaibhgnhhndojpepiihcmeb?hl=en">Vimium</a> for Chrome is a solid example that closed DOMs hurt</li><br /> </ul></li> </ul> </blockquote> <p>What's exposed to browser extensions is up to each UA vendor. So each browser vendor can totally expose a new API that forces all shadow roots to be open, for example.</p> <blockquote> <ul> <li>bookmarklets (ie. bookmarks with <code>javascript:</code> URIs)</li> <li>in-browser testing frameworks<br /> <ul><br /> <li>e.g. <a rel="nofollow noopener" target="_blank" href="http://www.seleniumhq.org/">Selenium</a> WebDriver</li><br /> </ul></li> </ul> </blockquote> <p>I could imagine that scripts injected by WebDriver should have access to closed shadow roots. That work could be spec'ed in WebDriver.</p> <blockquote> <ul> <li>generic libraries (e.g. for jQuery)</li> </ul> </blockquote> <p>Why would generic library need to access things inside a closed shadow tree?</p> <blockquote> <ul> <li>programs using a spec.-compliant DOM API outside of a browser.<br /> <ul><br /> <li><a rel="nofollow noopener" target="_blank" href="http://phantomjs.org/">PhantomJS</a> programs will suffer from this if/when it is updated to use a newer WebKit</li><br /> <li>Programs using a node.js library (eg. <a rel="nofollow noopener" target="_blank" href="https://www.npmjs.com/package/jsdom">jsdom</a>) which meets the spec. will struggle similarly</li><br /> </ul></li> </ul> </blockquote> <p>How could closed shadow trees cause problems for PhantomJS? Why are nodes.js and PhantomJS special with regards to closed shadow trees?</p> <blockquote> <ul> <li>any other accessibility, testing or automation framework that uses the DOM as its interface to the document.</li> </ul> </blockquote> <p>Saying that some libraries and frameworks may have an issue because they need to access nodes in a closed shadow tree is a bit tautological. We need a refutable statement. Otherwise, we can keep going around in circles based on each person's opinion.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 10 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@rniwa</strong> how many examples do you want before you admit that your a priori opinion is possibly not correct?</p> <p>What is a valid argument in your opinion?</p> <p>Is the Vimium example not obviously a valid example of an application? What about that application makes you think it does not require access to the shadow DOM?</p> <p>Here is another example, albeit forward-looking: the Web standardization process has accepted polyfilling future functionality as a way to prove out the validity/value and appropriateness of a new extension. It is impossible to polyfill anything that would need access to all shadow DOMs if they are closed. This cannot be circumvented with user agent permissions.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 10 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I think he did address the Vimium example; browser extensions are non-standard, the browser can allow them to access closed Shadow DOM if they want to. It's a bug to report to Chrome's extension API.</p> <p>Personally I do not use closed shadow roots because I just don't care if outside code accesses it, but I can see the argument for it just fine. Let me ask you this <strong>@dylanb</strong>, does it cause problems for you that you can't access built-in element's shadow DOM? If not, then why is it a problem for custom elements?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars2.githubusercontent.com/u/361671?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matthewp picture"> <strong>matthewp</strong> <span class="text-muted ml-1">on 10 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Example of a polyfill which will not be possible:</p> <p>Implementing a CSS4 <code>:has()</code> polyfill will not work in all the situations, in particular in combination with the <code>>>></code> combinator.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 10 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@rniwa</strong> how many examples do you want before you admit that your a priori opinion is possibly not correct?</p> </blockquote> <p>The number of example doesn't matter as much as the content of examples.</p> <blockquote> <p>What is a valid argument in your opinion?</p> </blockquote> <p>There must be a use case that can't be addressed in the presence of any closed shadow trees, which outweighs all the benefits closed shadow trees provide. But the existence of such a use case seems very unlikely at this point because:</p> <ol> <li>We always have an option not to use shadow trees</li> <li>We've had 3-4 years of continuous discussion on this matter and nobody has come up with such an example.</li> </ol> <p>But I welcome anyone to prove me wrong.</p> <blockquote> <p>Is the Vimium example not obviously a valid example of an application? What about that application makes you think it does not require access to the shadow DOM?</p> </blockquote> <p>No, because it's a browser extension. Each UA can expose whatever API to make closed shadow trees accessible to browser extensions. In fact, I've added a special API internal to Safari that enables such a feature should Safari team decide to add such a capability to its extension API. In general, browser extensions exist outside the realm of DOM and HTML standards; we don't encourage or discourage the existence of any feature or lack thereof in that space.</p> <blockquote> <p>Here is another example, albeit forward-looking: the Web standardization process has accepted polyfilling future functionality as a way to prove out the validity/value and appropriateness of a new extension. It is impossible to polyfill anything that would need access to all shadow DOMs if they are closed. This cannot be circumvented with user agent permissions.</p> <p>Example of a polyfill which will not be possible:</p> <p>Implementing a CSS4 :has() polyfill will not work in all the situations, in particular in combination with the >>> combinator.</p> </blockquote> <p>Why would a web component needs to be able to use the polyfill included outside the shadow tree? Again, if this is the first party or collaborating component, then such a component can use either a convention to expose its shadow tree (e.g. <code>getShadowRoot()</code> method) or call some function in the polyfill to enable it in the shadow tree.</p> <p>If the component was written by a third party or is otherwise non-collaborating, then such a component is unlikely to be expecting the existence of such a polyfill. In fact, the presence of such a polyfill may break or have unintended consequences on the component depending on what the polyfill is doing. So I'd argue that the fact a polyfill doesn't spill into each component's shadow tree is a feature, not a bug, of shadow DOM.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 10 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Are you saying that a polyfill for the CSS4 selectors is not a valid/useful thing to implement?</p> <p>Are you saying that an author of a document who wants to use a CSS4 selector in combination with the <code>>>></code> combinator is not a valid use case of a CSS4 selector?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 11 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Here is a product that cannot work properly on a site that uses closed shadow DOM components that are not also standard HTML elements <a rel="nofollow noopener" target="_blank" href="https://sitecues.com/">https://sitecues.com/</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 11 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Are you saying that a polyfill for the CSS4 selectors is not a valid/useful thing to implement?</p> </blockquote> <p>That's not at all I'm saying. I'm pointing out that a polyfill included outside the shadow tree not spilling into a component's shadow tree is a feature, not a bug if the component was written by someone else. It avoids breaking that component even if it wasn't written to work well with the newly polyfill.</p> <blockquote> <p>Here is a product that cannot work properly on a site that uses closed shadow DOM components that are not also standard HTML elements <a rel="nofollow noopener" target="_blank" href="https://sitecues.com/">https://sitecues.com/</a></p> </blockquote> <p>So it seems that Sitecues have two products. One for users which adds extra accessibility features to the browser, and another which adds those features on a website if the author wishes to have it.</p> <p>The first product exists outside the realm of the standardization process since it's basically a browser plugin / extension. For the second product, either each component can expose extra information to the library using some API, website can annotate each component with whatever information this tool needs (this is probably the most preferable approach since we can add new builtin HTML elements, and there should be a mechanism to make it compatible with this tool), or each website can include a script synchronously at the top which overrides <code>Element.prototype.attachShadow</code> to provide some hooks.</p> <p>But really, a well written component shouldn't need any extra work to make it possible to adjust the font size since each component should be specifying its font size using <code>rem</code>, <code>em</code>, or <code>%</code>.</p> <p>Dictation is a bit hard to implement in a website without a component or a website cooperating for sure but then if a website contains an cross-origin iframe, it won't work across iframe boundaries so I'm not sure if adding dictation feature to a component written by a third party which contains semantically important content in its shadow tree is really a common use case.</p> <p>In cases where a component is written by a third party, a tab view for example, the content semantically important to the user would be included as children of its shadow host so dictation would just work. In cases where a component is an integral part of the website, e.g. app container is a component itself, then that component can just expose whatever needed for dictation to work.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>ok, so we have two good examples then of valid applications that cannot be implemented with closed shadow DOM:</p> <ol> <li>Sitecues dictation</li> <li>polyfills</li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I wouldn't say either example is "good".</p> <p>The dictation can be implemented by either making websites or components collaborate. Furthermore, adding the dictation to a website that's not otherwise designed to do so is usually done at the browser level as a plugin / extension. If a website truly needed a dictation, e.g. e-book site, then that website can natively support & implement dictation as needed everywhere.</p> <p>For polyfils, I don't think polyfills spilling into a component's shadow tree by default is a good idea at all because polyfills can break components that don't expect them to exist. These kind of isolations and opt-ins are precisely what shadow DOM API should provide.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I'd note that we didn't spend a week or two thinking about these problems and come to the conclusion that the closed shadow tree is the way to go. We spent 2+ years continuously discussing amongst experienced software engineers who had been working on the Web technology over decades to reach our consensus. And this is precisely why we reached the consensus to keep <code>mode</code> as the mandatory option during W3C F2F meeting: because this topic is extremely contentious and either party arguing for open or closed shadow tree couldn't convince the other party.</p> <p>It would take some serious thinking and groundbreaking argument or discovery on your part to convince us otherwise.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Another thing. The canvas element might be hostile to Sitecues's dictation feature because any text drawn in the canvas can't be read by Sitecues unless it implements OCR of some sort. But we didn't remove the canvas element. We instead added enhancements to the canvas to make it more accessible so that tools like Sitecues and browser's native assertive technology could get necessary information out of a canvas element.</p> <p>Similarly, if there is a specific scenario in which a closed shadow trees would break use cases, then we can make improvements to custom elements or shadow DOM API to address those use cases instead of letting them explore contents inside shadow trees manually. This approach has an added benefit of letting each component decide what's visible to tools like Sitecues.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@rniwa</strong> I have a different proposal: how about user agents treat the built-in standard HTML elements in a special way (by closing their shadow DOM) and make all other shadow DOM open.</p> <p>This would meet the original requirements of having closed shadow DOM for UA elements but solve all the problems that you are explaining away by (and I am paraphrasing your posts) essentially telling people either not to use shadow DOM, not to use closed shadow DOM (collaborate) or simply not to implement their application the way they would like to.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>What's exposed to browser extensions is up to each UA vendor. So each browser vendor can totally expose a new API that forces all shadow roots to be open, for example.</p> </blockquote> <p><strong>@rniwa</strong> If only there was a place to standardise such an API, or some action we could take to make the API unnecessary, to help reduce the burden for developers... It's also worth noting that none of the browsers (Chrome, Firefox, Edge) supporting Web Extensions have previously needed to expose <em>any</em> supplemental APIs for DOM access; the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.</p> <blockquote> <p>We need a refutable statement.</p> </blockquote> <p>I'll give you ~four~(edit:) five:</p> <ul> <li>With closed shadow roots, the DOM is no longer generic, well-specified and powerful enough to read and modify the document in the ways the page's scripts can as a whole.</li> <li>It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.</li> <li>It is a waste of developers' time and effort to each discover the limited access, request a non-standard workaround and/or work out how it should be used.</li> <li>The protection that the component developer is given from the document's author are illusory.</li> <li>(edit:) Closed shadow DOMs let any developer create arbitrary self-contained, undocumented extensions to the DOM. The average developer cannot be relied upon to do this usefully, compatibly or well.</li> </ul> <blockquote> <p>How could closed shadow trees cause problems for PhantomJS? Why are nodes.js and PhantomJS special with regards to closed shadow trees?</p> </blockquote> <p>Scripts that use PhantomJS to interact with documents use the DOM to do so. Some developers will need to be able to read/manipulate content in shadow DOMs programmatically to make their applications work correctly with pages using them. They cannot do this without PhantomJS and node.js adding their own non-standard workarounds.</p> <blockquote> <p>Why would generic library need to access things inside a closed shadow tree?</p> </blockquote> <p>Suppose a library wanted to provide an easy way to attach keyboard shortcuts to a page, except when the user is entering text into an input (<code><input></code>, <code><textarea></code> <code><* contenteditable="true"></code>, etc.). This library will function incorrectly (ie. interpret input-generating keypresses as keyboard shortcuts) for any pages containing an input inside a closed shadow DOM.</p> <p>(Full disclosure: this is what Vimium does, but browser-wide instead of for a single document.)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I disagree completely <strong>@mrmr1993</strong>, closed shadow DOMs just give developers the same abilities that built-in elements have. If a new built-in form element were created then Vimium wouldn't work with it either. The solution here is to define an interface to interact with form elements that is generic enough that Vimium and others don't need to special case for every element type. These are the events to listen to changes and the properties to get/set the element's underlying value. There's no reason why if my custom element (with a closed shadow) emitted those events and had the correct properties why Vimium wouldn't just work with those.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars2.githubusercontent.com/u/361671?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matthewp picture"> <strong>matthewp</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>does it cause problems for you that you can't access built-in element's shadow DOM? If not, then why is it a problem for custom elements</p> </blockquote> <p><strong>@matthewp</strong> built-in elements' behaviours and properties are comprehensive, well-defined, and easy-to-find. There are occasional limitations (e.g. setting the cursor position in an <code><input type="date" /></code>), but nearly everything you might want to do with them is possible.</p> <p>By contrast, custom elements need not have any useful/relevant behaviours and properties. Even when they do, code that isn't written for them has no reliable way of using them, since it can't "read the documentation".</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>There's no reason why if my custom element (with a closed shadow) emitted those events and had the correct properties why Vimium wouldn't just work with those.</p> </blockquote> <p><strong>@matthewp</strong> Of course there isn't. But Vimium (or a library doing the same) is unreliable if it depends on every developer (using a shadow DOM) on every page correctly and consistently implementing the same features. This makes for <em>awful</em> UX.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>To put it another way: open shadow DOMs give a (in fact <em>the only</em>) reliable standard API for non-standard components; closed shadow DOMs give you nothing.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>It's also worth noting that none of the browsers (Chrome, Firefox, Edge) supporting Web Extensions have previously needed to expose any supplemental APIs for DOM access; the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.</p> </blockquote> <p>That's absolutely untrue. Browsers already have to provide a mechanism to inject code into every cross-origin iframe's document even though the top-level document ordinarily don't have access to.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.</p> </blockquote> <p>That's absolutely untrue. Browsers already have to provide a mechanism to inject code into every cross-origin iframe's document even though the top-level document ordinarily don't have access to.</p> </blockquote> <p>I think you're being a bit disingenuous. That's not an API to read or modify the document in any way. It does create an execution context with access to read or modify the document, but this is still solely via the DOM.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>We need a refutable statement.</p> </blockquote> <p>I'll give you ~four~(edit:) five:</p> <ul> <li>With closed shadow roots, the DOM is no longer generic, well-specified and powerful enough to read and modify the document in the ways the page's scripts can as a whole.</li> </ul> </blockquote> <p>This is demonstratively false. You can simply override <code>Element.prototype.attachShadow</code> to do the same. But more importantly, the whole point of shadow DOM is to provide encapsulation. Encapsulation by definition hides information of each component from the rest. This is a feature, not a bug.</p> <blockquote> <ul> <li>It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.</li> </ul> </blockquote> <p>Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.</p> <blockquote> <ul> <li>It is a waste of developers' time and effort to each discover the limited access, request a non-standard workaround and/or work out how it should be used.</li> </ul> </blockquote> <p>Ditto.</p> <blockquote> <ul> <li>The protection that the component developer is given from the document's author are illusory.</li> </ul> </blockquote> <p>Illusory as in they can work around by overriding <code>Element.prototype.attachShadow</code>, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.</p> <blockquote> <ul> <li>(edit:) Closed shadow DOMs let any developer create arbitrary self-contained, undocumented extensions to the DOM. The average developer cannot be relied upon to do this usefully, compatibly or well.</li> </ul> </blockquote> <p>This seems like an argument against any average developer writing any component at all. It doesn't matter whether a component uses a shadow tree or not since any component can be ill-formed. FWIW, a component can be written using a cross-origin iframe or a canvas element in which case nobody else wouldn't have access to its content even today.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 12 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.</p> </blockquote> <p>Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.</p> </blockquote> <p>If useful programs can't be written to function as intended, that seems like a limitation. Especially if they could be before. Is it not a limitation that a developer can't write a keyboard shortcut library of the kind I described as above?</p> <blockquote> <blockquote> <ul> <li>The protection that the component developer is given from the document's author are illusory.</li> </ul> </blockquote> <p>Illusory as in they can work around by overriding <code>Element.prototype.attachShadow</code>, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.</p> </blockquote> <p>This is the whole point of the closed shadow DOM though, no? Either the DOM is important for multiple contexts, in which case they may not have document awareness and need shadow DOM access to behave correctly with custom elements, or they're not, in which case they're embedded in the document, use ECMAScript and the protection is illusory.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 13 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.</p> </blockquote> <p>Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.</p> </blockquote> <p>If useful programs can't be written to function as intended, that seems like a limitation. Especially if they could be before. Is it not a limitation that a developer can't write a keyboard shortcut library of the kind I described as above?</p> </blockquote> <p>Would you argue that private variables in languages like C++ and Java are limitations that prevent useful programs to be written because other code can't access those states and implement useful programs?</p> <p>Or would you argue that the canvas is a limitation because it won't allow the same library to provide keyboard shortcuts into text drawn in the canvas?</p> <blockquote> <blockquote> <blockquote> <ul> <li>The protection that the component developer is given from the document's author are illusory.</li> </ul> </blockquote> <p>Illusory as in they can work around by overriding <code>Element.prototype.attachShadow</code>, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.</p> </blockquote> <p>This is the whole point of the closed shadow DOM though, no? Either the DOM is important for multiple contexts, in which case they may not have document awareness and need shadow DOM access to behave correctly with custom elements, or they're not, in which case they're embedded in the document, use ECMAScript and the protection is illusory.</p> </blockquote> <p>There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 13 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Would you argue that private variables in languages like C++ and Java are limitations that prevent useful programs to be written because other code can't access those states and implement useful programs?</p> </blockquote> <p>I would argue that a user can't interactively render a collection of private variables, nor pass it to a program, expecting it to act upon their mental model of that rendering.</p> <blockquote> <p>Or would you argue that the canvas is a limitation because it won't allow the same library to provide keyboard shortcuts into text drawn in the canvas?</p> </blockquote> <p>It's an image. At a facile level, if you're not using document objects to render your content, then you have nothing to do with the DOM, and the DOM has nothing to do with you. This sucks for all planned or unplanned external interactivity, but it shouldn't be a consideration for this discussion.</p> <blockquote> <p>There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.</p> </blockquote> <p>I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 13 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3731713875" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.</p> </blockquote> <p>I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.</p> </blockquote> <p>Well, then that same argument holds for closed shadow trees. It's not really a thing to go into some component's shadow tree and mess with it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 13 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.</p> </blockquote> <p>Well, then that same argument holds for closed shadow trees.</p> </blockquote> <p>Hardly. The DOM is always meaningful, since it represents the user interface/user-facing content in a standardised way. If you give me a DOM (and the relevant styles, admittedly), I can tell you what it represents and do useful things with it. Not so with arbitrary internal private states -- their representation is only meaningful in the context of that specific program.</p> <blockquote> <p>It's not really a thing to go into some component's shadow tree and mess with it.</p> </blockquote> <p>I think you may have misinterpreted me: I meant that ECMAScript internal state isn't a virtual object in the mind of the user. DOM elements certainly are. Nonetheless, this is patently false; programs already do this. That you don't like it doesn't make it not a 'thing'. </p> <p>The thing that's made the web so powerful up until now <em>is</em> the DOM. Search engines rely on the DOM. Libraries rely on the DOM. Extensions rely on the DOM. Accessibility programs rely on the DOM. People have been able to re-use huge amounts of code because the underlying objects are all the same, and all accessible.</p> <p>This all dies when your documents are full of opaque <code><main-content></code>s and <code><autocomplete-input></code>s and mine are full of <code><article-body></code>s and <code><filter-dropdown></code>s. Or worse, 'empty' <code><div></code>s. The objects in the DOM can't reliably convey any meaning to cross-document programs, unless they learn to read the developers' minds. This ruins the web.</p> <p>I'll quote my example from above here, in the hopes that you have a response to it:</p> <blockquote> <p>Suppose a library wanted to provide an easy way to attach keyboard shortcuts to a page, except when the user is entering text into an input (<code><input></code>, <code><textarea></code> <code><* contenteditable="true"></code>, etc.). This library will function incorrectly (ie. interpret input-generating keypresses as keyboard shortcuts) for any pages containing an input inside a closed shadow DOM.</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 13 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Hi,</p> <p>you are missing the point, /closed/ mode is not wrongly introduced<br /> because you cannot mess with the internals, it was created precisely for<br /> this purpose: so you cannot mess with the internals. You are looking at<br /> this issue with very narrow perspective of very few use cases,<br /> completely ignoring the pain of web apps developers they have been<br /> dealing with for decades: the global DOM space, where everything could<br /> affect everything.<br /> The common way, how desktop apps are developed is that you have/buy RAD<br /> with e.g. 20 components and through out the years you<br /> write/purchase/download hundreds of others and the beauty is, that those<br /> are self contained black boxes that always works together regardless of<br /> any kind of combination of any number of component from any number of<br /> developers (exceptions being possible class naming collisions and unique<br /> resources access).<br /> The second beauty of this simply is the fact, that developers who are<br /> using those components are informed "you can touch this, this is fixed<br /> and you cannot rely on that, that is internal and can change with every<br /> minor release". If you chose to somehow rely on internals and it breaks,<br /> it's your fault, not authors.</p> <p>If you ever tried to combine even 2 web/js component libraries together?<br /> pain... and then upgrade one... Yes /closed/ mode is something new and<br /> strange but something web platforms needs to become fully fledged<br /> application run time (yes, we could somehow do this before... you can<br /> walk to Rome, but I assume air plain or car is much better solution).</p> <p>You are arguing that<br /> "<br /> This all dies when your documents are full of opaque |<main-content>|s<br /> and |<autocomplete-input>|s and mine are full of |<article-body>|s and<br /> |<filter-dropdown>|s. Or worse, 'empty' |<div>|s.<br /> "<br /> but you are effectively describing the issue you/we had for decades:<br /> "opaque 'empty' |<div>|s", applications build by divs and spans, filled<br /> by another ||divs and spans generated via XMLHTTPRequest... same diff<br /> for you (no officially described semantics what so ever), huge<br /> difference for those who write/maintain such projects.</p> <p>Instead of refusing several years of discussions, the way to solve this<br /> is come up with set of attributes that would be useful to<br /> expose/describe, the same way WAI-ARIA works to describe authored<br /> controls. Do you want to be informed about the fact that control is<br /> editable?<br /> "<br /> Suppose a library wanted to provide an easy way to attach keyboard<br /> shortcuts to a page, except when the user is entering text into an input<br /> (|<input>|, |<textarea>| |<* contenteditable="true">|, etc.). This<br /> library will function incorrectly (ie. interpret input-generating<br /> keypresses as keyboard shortcuts) for any pages containing an input<br /> inside a closed shadow DOM.<br /> "<br /> let's introduce editable attribute, that would be default on controls<br /> mentioned above (unless readonly/disabled) and can be used on other<br /> controls. This is the way how it worked before (e.g. input extensions)<br /> and how it could work again. If you have experience with this, if you<br /> have some numbers of those attributes in mind, offer them.</p> <p>Solution we have now is not perfect, but we should work on it, not just<br /> simply say "it has few issues, so forget about it all"</p> <p>-- </p> <pre><code class="prettyprint"> Bronislav Klučka </code></pre> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/13207465?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BronislavKlucka picture"> <strong>BronislavKlucka</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>you are missing the point, /closed/ mode is not wrongly introduced because you cannot mess with the internals, it was created precisely for this purpose: so you cannot mess with the internals.</p> </blockquote> <p>I don't think I am. I'm trying to argue that this change is harmful, and that the justifications are not proportionate to the harms.</p> <blockquote> <p>You are looking at this issue with very narrow perspective of very few use cases, completely ignoring the pain of web apps developers they have been dealing with for decades: the global DOM space, where everything could affect everything. The common way, how desktop apps are developed is that you have/buy RAD with e.g. 20 components and through out the years you write/purchase/download hundreds of others and the beauty is, that those are self contained black boxes that always works together regardless of any kind of combination of any number of component from any number of developers (exceptions being possible class naming collisions and unique resources access). The second beauty of this simply is the fact, that developers who are using those components are informed "you can touch this, this is fixed and you cannot rely on that, that is internal and can change with every minor release". If you chose to somehow rely on internals and it breaks, it's your fault, not authors.</p> </blockquote> <p>We're all in agreement on this. Notice how nobody is arguing against open shadow DOMs, which satisfy all of these things.</p> <blockquote> <p>If you ever tried to combine even 2 web/js component libraries together? pain... and then upgrade one...</p> </blockquote> <p>Agreed, it's nasty. Open shadow DOMs are a great way to help improve this pain point.</p> <blockquote> <p>Yes /closed/ mode is something new and strange but something web platforms needs to become fully fledged application run time</p> </blockquote> <p>Closed mode isn't new and strange: restricting access to things isn't that revolutionary a concept, and it being new doesn't make it a good idea. Perhaps shadow DOMs are new and strange, but they are a brilliant idea, something the web needs, and in no way require closed mode.</p> <blockquote> <p>you are effectively describing the issue you/we had for decades: "opaque 'empty' |<div>|s", applications build by divs and spans, filled by another ||divs and spans generated via XMLHTTPRequest... same diff for you (no officially described semantics what so ever), huge difference for those who write/maintain such projects.</p> </blockquote> <p>It's actually a world of difference for me. The officially described semantics <em>were the DOM</em>. Anything you wanted or needed to know about the user-facing content could be found by looking in the DOM. Not so for closed shadow roots: you may as well replace every element with a closed shadow DOM with a <code><useless-element></code>.</p> <p>The huge difference for writers/maintainers comes from custom elements, which can function perfectly well with an open-only shadow DOM.</p> <blockquote> <p>Instead of refusing several years of discussions, the way to solve this is come up with set of attributes that would be useful to expose/describe, the same way WAI-ARIA works to describe authored controls. Do you want to be informed about the fact that control is editable?</p> </blockquote> <p>I <em>still</em> can't find anything in those several years of discussion that persuades me that closed shadow roots are a net positive.</p> <p>The set of attributes that would be useful to expose/describe is the DOM. Or is there something in the DOM API that you consider not useful to have exposed?</p> <blockquote> <p>let's introduce editable attribute, that would be default on controls mentioned above (unless readonly/disabled) and can be used on other controls.</p> </blockquote> <p>Let's say your shadow DOM contains a text input and a checkbox. Is it editable? If not, the behaviour is obviously broken in the input box; otherwise, behaviour is incorrect when the checkbox has focus. This is an example of a family of non-trivial problems, and the glaringly obvious solution is to have some API to expose the internal DOM.</p> <blockquote> <p>Solution we have now is not perfect, but we should work on it, not just simply say "it has few issues, so forget about it all"</p> </blockquote> <p>It's a tack-on to open shadow roots, not a solution in its own right. Exposing the shadow DOM is a detail of the larger shadow roots concept, and none of the other very significant benefits of shadow roots disappear if we "forget all about it".</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I worry that I might have missed something fundamental here. Can anybody clarify for me:</p> <ul> <li>Do closed shadow roots provide any use, or make anything possible, that open ones do not?</li> <li>Who benefits from closed shadow DOMs? Who suffers from them? Is the trade-off worth it?</li> </ul> <p>As far as I can tell, the answers are:</p> <ul> <li>No, except possibly fulfilling a sense of "getting the damn kids off my lawn".</li> <li>Component developers 'benefit' by taking and withholding control. Developers 'benefit' from being unable to do some things 'for their own good'. This looks like a restriction rather than a feature, based off weak reasoning, and doesn't feel worth it to me.</li> </ul> <p>(Please read "getting the damn kids off my lawn" as "knowing better than and what's best for other developers, and wanting to impose it", if the former offends your sensibilities.)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>yes It does, the same thing as in any generic desktop app development: the difference what is and what is not to be messed with, the argument is not about "I§m the king of the world and I know best", as it's not in other environments. Clear encapsulation is the point. Open shadow root does not provide that. I do not know your experience ouside web, but I can open Delphi (Object Pascal), Visual Studio (C#+.NET) and thou syntax is very different, in semantics it makes no difference, I can tell what is public, what is private, not because being the best, but to define interface. I cannot do that with open shadow DOM, which part is or is not to be messed with.<br /> Who benefits from it? Every single programmer using 3rd party component. Who suffer? very few use cases.</p> <p>The argument may not persuade you personally, but the fact that a lot of people discussing this agreed upon the fact that both are needed my mean something. I can see usecases for open and closed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/13207465?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BronislavKlucka picture"> <strong>BronislavKlucka</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>It does, the same thing as in any generic desktop app development</p> </blockquote> <p>Just because it's done elsewhere doesn't mean it's right or well-justified.</p> <blockquote> <p>the argument is not about "I§m the king of the world and I know best", as it's not in other environments.</p> </blockquote> <p>Indeed, the argument is long resolved elsewhere, since the language implementations have historically implemented it. This does not -- and should not -- preclude us from making a better or different decision here, and considering fully the implications it will have.</p> <blockquote> <p>I can open Delphi (Object Pascal), Visual Studio (C#+.NET) and thou syntax is very different, in semantics it makes no difference, I can tell what is public, what is private, not because being the best, but to define interface. I cannot do that with open shadow DOM, which part is or is not to be messed with.</p> </blockquote> <p>In my experience, this has been a major pain point for developers when dealing with under-specified components. I hope you are not talking personally about being unable to tell. Clearly an open shadow DOM is something separate, and should be obvious by its inconvenience that it is not designed to be used casually or on a whim.</p> <blockquote> <p>Who benefits from it? Every single programmer using 3rd party component.</p> </blockquote> <p>How? I'm still unclear on this. Perhaps you could give me an example of a 3rd party component developer changing an implementation detail from public to private and it tangibly benefiting one of these programmers.</p> <blockquote> <p>I can see usecases for open and closed.</p> </blockquote> <p>Some examples might be helpful. Why would some components require complete closure of implementation details and others not? How would you ensure that the right one is used for the right usecases?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>On 14.5.2017 18:37, Matthew Ryan wrote:<br /> ></p> <blockquote> <pre><code class="prettyprint">It does, the same thing as in any generic desktop app development </code></pre> <p>Just because it's done elsewhere doesn't mean it's right or<br /> well-justified.</p> <p>correct, but I'll make the point below discussing documentation</p> <pre><code class="prettyprint">the argument is not about "I§m the king of the world and I know best", as it's not in other environments. </code></pre> <p>Indeed, the argument is long resolved elsewhere, since the language<br /> implementations have historically implemented it. This does not -- and<br /> should not -- preclude us from making a better or different decision<br /> here, and considering fully the implications it will have.</p> <p>But it was discussed, for several years. And a lot of implementation<br /> details have been considered, there have always been opposition against<br /> /closed/ mode and their arguments were heard, but the decision have to<br /> be made and have been made.<br /> The argument is the other way around: we have the experience, it works,<br /> it works exactly as it should and it's pretty much always stressed to<br /> use encapsulation</p> <pre><code class="prettyprint">I can open Delphi (Object Pascal), Visual Studio (C#+.NET) and thou syntax is very different, in semantics it makes no difference, I can tell what is public, what is private, not because being the best, but to define interface. I cannot do that with open shadow DOM, which part is or is not to be messed with. </code></pre> <p>In my experience, this has been a major pain point for developers when<br /> dealing with under-specified components. I hope you are not talking<br /> personally about being unable to tell. Clearly an open shadow DOM is<br /> something separate, and should be obvious by its inconvenience that it<br /> is not designed to be used casually or on a whim.</p> <p>Of course the decision on /open///closed /should not be on the whim,<br /> even usage of shadow dom of any kind should not be, it should not be<br /> used just because we have it.<br /> The documentation is nice thing, but the best documentation is always<br /> the code itself, why should I look on object, listing<br /> properties/fields/methods and the look into documentation to see which<br /> is public which is not... Why should anyone spent time writing/reading<br /> documentation on what is private/protected/public?<br /> this does not even exists in DOM itself, you either can see it on object<br /> = you can mess with that, or you do not see it at all.</p> </blockquote> <blockquote> <pre><code class="prettyprint">Who benefits from it? Every single programmer using 3rd party component. </code></pre> <p>How? I'm still unclear on this. Perhaps you could give me an example<br /> of a 3rd party component developer changing an implementation detail<br /> from public to private and it tangibly benefiting one of these<br /> programmers.</p> <p>This is not about changing, this is about getting the component and<br /> knowing immediately, it is about knowing, that it's pretty much always<br /> save to upgrade, knowing, that public is safe to mess around with,<br /> knowing that you can rely on that. Again, trying to integrate 2 JS/DOM<br /> framework is pain. Everywhere else it's seamless.</p> <pre><code class="prettyprint">I can see usecases for open and closed. </code></pre> <p>Some examples might be helpful. Why would some components require<br /> complete closure of implementation details and others not?</p> <p>I have always been proponent of /closed/ only, so I'll have to live with<br /> the fact, that sometimes I'll look at some component and be pretty much<br /> where I'm today, knowing nothing :). For me, talking about components,<br /> there should always be /closed/ mode: "here is an interface for this<br /> component, that's it", as it has been proven to work for decades<br /> everywhere else and with the DOM native elements and native JS objects.<br /> There was never any access to all in web platform. It may be convenient<br /> to have only some native components. But it's limiting.<br /> /Open/ mode for me? Modules. I can see e.g. putting together a module<br /> for files (list control to display, buttons to add, delete, pagination)<br /> and use it in different places in project (files for customers, files<br /> for tasks, files for projects). It's self contained, as shadow dom, to<br /> be able to be placed anywhere without breaking the module itself, or<br /> module breaking surroundings, but it can freely be used.<br /> And list control is, of course (for me) closed.</p> <p>How would you ensure that the right one is used for the right usecases?</p> <p>Pretty much as with anything you code?</p> </blockquote> <p>I get that all I write about can mean nothing to you, but again, there<br /> have been a loooong discussion already.</p> <pre><code class="prettyprint"> Bronislav Klučka </code></pre> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/13207465?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BronislavKlucka picture"> <strong>BronislavKlucka</strong> <span class="text-muted ml-1">on 14 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>But it was discussed, for several years. And a lot of implementation details have been considered, there have always been opposition against /closed/ mode and their arguments were heard, but the decision have to be made and have been made. The argument is the other way around: we have the experience, it works, it works exactly as it should and it's pretty much always stressed to use encapsulation</p> </blockquote> <p>This <em>still</em> doesn't mean that the right decision has been made, either in this spec. or by other language implementers. In general, experience with a bad decision is still experience with a bad decision. Unfortunately I'm not at all persuaded that this isn't one.</p> <blockquote> <p>Of course the decision on /open///closed /should not be on the whim, even usage of shadow dom of any kind should not be, it should not be used just because we have it.</p> </blockquote> <p>I only meant it shouldn't be used on a whim, only when it is useful and unavoidable.</p> <blockquote> <p>This is not about changing, this is about getting the component and knowing immediately, it is about knowing, that it's pretty much always save to upgrade, knowing, that public is safe to mess around with, knowing that you can rely on that.</p> </blockquote> <p>I know it's not about changing: I was hoping for an example of a tangible benefit, and thought that might be a good way to demonstrate one. Still, if you aren't using code that touches the shadow DOM of a component, I can't see why you wouldn't be safe to upgrade it regardless.</p> <hr /> <p>If the closed shadow DOM is supposed to give the <em>document author</em> these assurances, why is it that the <em>component developer</em> is the one getting the say over open vs. closed? The document author is at the receiving end of the safety vs. power trade-off, so surely they should have control over the decision.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 15 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.</p> </blockquote> <p>Well, then that same argument holds for closed shadow trees.</p> </blockquote> <p>Hardly. The DOM is always meaningful, since it represents the user interface/user-facing content in a standardised way. If you give me a DOM (and the relevant styles, admittedly), I can tell you what it represents and do useful things with it. Not so with arbitrary internal private states -- their representation is only meaningful in the context of that specific program.</p> </blockquote> <p>That is patently false.</p> <blockquote> <p>If the closed shadow DOM is supposed to give the document author these assurances, why is it that the component developer is the one getting the say over open vs. closed? The document author is at the receiving end of the safety vs. power trade-off, so surely they should have control over the decision.</p> </blockquote> <p>Web components provide powers to both library/component authors as well as page authors. The primary benefits of closed shadow trees is the "guarantee" or a strong implication that the components are free to change its implementation without having to worry about its details. This is extremely important for a popular component intended to be upgraded and maintained for a long period of time.</p> <p>We have quite a bit of experience dealing with such a problem in UIKit and AppKit here at Apple. We frequently encounter binary compatibility issues whereby which a third party app was relying on the implementation details of UIKit, AppKit, and other system frameworks. They are not supposed to do that (clearly stated in the policy and what not) but in the practice, many apps do because they can. In those cases, we must either can't make a change (e.g. maintaining same view / CA layer hierarchy), or break the app and notify the authors to have them fix them before those changes take effect. With AppStore and once a year release cycle, this is all possible. However, in the world of the Web, where developers would like to move faster and innovate in a rapid pace, and there is no repository of all Web apps which use a given framework or a library, this will become an impossible issue to resolve.</p> <p>Just as another example, Microsoft once upon a time (not sure if they still do) decided to make it possible for any given Windows system to have multiple versions of the same DLL so that each app that links against a particular version of DLL will continue to work to combat the infamous <a rel="nofollow noopener" target="_blank" href="https://en.wikipedia.org/wiki/DLL_Hell">DLL hell</a>.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 15 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.</p> </blockquote> <p>Well, then that same argument holds for closed shadow trees.</p> </blockquote> <p>Hardly. The DOM is always meaningful, since it represents the user interface/user-facing content in a standardised way. If you give me a DOM (and the relevant styles, admittedly), I can tell you what it represents and do useful things with it. Not so with arbitrary internal private states -- their representation is only meaningful in the context of that specific program.</p> </blockquote> <p>That isn't quite true. A li can be used to represent either an item in a shooping list, a file in the list of uploaded file, etc...<br /> The semantics of each element and content depends heavily on the context in which it exists.</p> <blockquote> <blockquote> <p>It's not really a thing to go into some component's shadow tree and mess with it.</p> </blockquote> <p>I think you may have misinterpreted me: I meant that ECMAScript internal state isn't a virtual object in the mind of the user. DOM elements certainly are. Nonetheless, this is patently false; programs already do this. That you don't like it doesn't make it not a 'thing'. </p> </blockquote> <p>Well, not really. In the presence of closed shadow trees, those scripts don't / can't do this.<br /> Also, just because it's currently done, it's a good idea.</p> <p>For example, we used to write code with goto and label everywhere before higher-level languages were invented.<br /> Do you think a language which hides goto is harmful because it disallows certain use cases?</p> <blockquote> <p>The thing that's made the web so powerful up until now <em>is</em> the DOM. Search engines rely on the DOM. Libraries rely on the DOM. Extensions rely on the DOM. Accessibility programs rely on the DOM. People have been able to re-use huge amounts of code because the underlying objects are all the same, and all accessible.</p> <p>This all dies when your documents are full of opaque <code><main-content></code>s and <code><autocomplete-input></code>s and mine are full of <code><article-body></code>s and <code><filter-dropdown></code>s. Or worse, 'empty' <code><div></code>s. The objects in the DOM can't reliably convey any meaning to cross-document programs, unless they learn to read the developers' minds. This ruins the web.</p> </blockquote> <p>We already live in that world. People are writing apps with a bunch of divs and spans,<br /> and that's completely orthogonal to the concept of closed shadow trees.</p> <blockquote> <p>I'll quote my example from above here, in the hopes that you have a response to it:</p> <blockquote> <p>Suppose a library wanted to provide an easy way to attach keyboard shortcuts to a page, except when the user is entering text into an input (<code><input></code>, <code><textarea></code> <code><* contenteditable="true"></code>, etc.). This library will function incorrectly (ie. interpret input-generating keypresses as keyboard shortcuts) for any pages containing an input inside a closed shadow DOM.</p> </blockquote> </blockquote> <p>What happens when one of the components on a page already implemtns its own keyboard shortcuts?<br /> With an open shadow tree or without a shadow tree at all, this library will go in and add new keyboard shortcuts.</p> <p>This is why it's very important for each component to opt-in to whatever polyfill or library each page is importing. The idea of automatically enhancing an arbitrary component written by a third party quickly fails in practice.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 15 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>This is why it's very important for each component to opt-in to whatever polyfill or library each page is importing. The idea of automatically enhancing an arbitrary component written by a third party quickly fails in practice.</p> </blockquote> <p>This seems to be the only point where we're not looping around the same arguments.</p> <p>Why is it very important for each <em>component</em> to do this? Sometimes it will be what the document author intends and wants; other times not. Can we not find a compromise where the document author gets to decide which scripts can and can't access which shadow DOMs? Then, those authors have a clear idea of what might break if/when a component is updated, and what will not.</p> <p>For example, would there be any issues with extending the script tag so that:</p> <ul> <li><code><script ... shadow-dom="true"></code> allows the script it includes (and any execution it spawns, such as <code>eval</code>s, event listeners, etc.) to access shadow DOMs;</li> <li><code><script ... shadow-dom="false"></code> does not give the script any shadow DOM access (under the same conditions);<br /> <ul><br /> <li>it should also likely restrict scripts it imports to <code>shadow-dom="false"</code></li><br /> </ul></li> <li>possibly <code><script ... shadow-dom="request"></code>, which eg. dispatches an event on the shadow host on <code>.shadowRoot</code> accesses that scripts with <code>shadow-dom=true</code> can catch (<code>event.relatedTarget</code> perhaps being the script element), denying access using <code>event.preventDefault()</code>?<br /> <ul><br /> <li>it should also likely convert scripts it imports from <code>shadow-dom="true"</code> to <code>shadow-dom="request"</code></li><br /> </ul></li> </ul> <p>Adding a <code>with {shadowDom: "true" | "false" | "request"}</code> to the spec. for ECMAScript 6 <code>import</code>s could easily provide the same for those. I also think that a default to <code>false</code> for all scripts would be reasonable in this case, for the reassurances it provides.</p> <p>The major issue I have with closed shadow DOMs is that the decision is made piecemeal, by the developer of each component, and (necessarily) without the complete information of their interactions with each author's document. Giving this control to the author at the script level would seem to give the assurances <em>and</em> flexibility that we want between us.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 16 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Why is it very important for each <em>component</em> to do this? Sometimes it will be what the document author intends and wants; other times not. Can we not find a compromise where the document author gets to decide which scripts can and can't access which shadow DOMs? Then, those authors have a clear idea of what might break if/when a component is updated, and what will not.</p> </blockquote> <p>Because otherwise pages would start depending on the implementation details of components. It's possible, for example, for a graphing component to be implemented using SVG in one iteration and canvas in another. If page's code ever depended on the component using SVG, then the page would break when the component's version gets updated and it starts using canvas instead of SVG.</p> <p>Ultimately, page authors have the power not to use a component which doesn't expose its shadow tree, or demand that they provide some API to mess with component's shadow tree. However, it's very important for the authors of each component to understand that doing so results in its shadow tree's structure being dependent by its users.</p> <p>If the authors of a given component doesn't care about this, or is committed to maintain the backwards compatibility, then they can either not use shadow tree at all, or use an open mode shadow tree.</p> <p>Either case, we don't believe we should give the unilateral power to users of components to decide whether it's okay to intrude into components' shadow tree or not.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 16 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Because otherwise pages would start depending on the implementation details of components.</p> </blockquote> <p>I'm still not horrified by this. Sometimes this is useful and/or necessary.</p> <blockquote> <p>It's possible, for example, for a graphing component to be implemented using SVG in one iteration and canvas in another. If page's code ever depended on the component using SVG, then the page would break when the component's version gets updated and it starts using canvas instead of SVG.</p> </blockquote> <p>If a page breaks, is it not an issue for the page's author, rather than the component developer?</p> <blockquote> <p>However, it's very important for the authors of each component to understand that doing so results in its shadow tree's structure being dependent by its users.</p> </blockquote> <p>If a page depends on its internals, then they've taken that risk that updates will break things. It's their decision and their issue. I'm astounded that this position is controversial.</p> <blockquote> <p>Ultimately, page authors have the power not to use a component which doesn't expose its shadow tree, or demand that they provide some API to mess with component's shadow tree.</p> </blockquote> <p>So you would prefer page authors to beg component developers instead of making the decision themselves?</p> <blockquote> <p>Either case, we don't believe we should give the unilateral power to users of components to decide whether it's okay to intrude into components' shadow tree or not.</p> </blockquote> <p>Why can the component decide to opt them in or out of protections, but the page author themself cannot? The power dynamics of the current situation are really unusual, and don't seem to have any real advantages</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 17 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>The power dynamics of the current situation are really unusual, and don't seem to have any real advantages</p> </blockquote> <p>Especially when you can just:</p> <pre><code class="prettyprint">const oldAttachShadow = HTMLElement.prototype.attachShadow; HTMLElement.prototype.attachShadow = function () { return oldAttachShadow.call(this, { mode: 'open' }); } </code></pre> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/136556?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="treshugart picture"> <strong>treshugart</strong> <span class="text-muted ml-1">on 17 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>Because otherwise pages would start depending on the implementation details of components.</p> </blockquote> <p>I'm still not horrified by this. Sometimes this is useful and/or necessary.</p> </blockquote> <p>The problem is that we've already seen a <a rel="nofollow noopener" target="_blank" href="https://github.com/w3c/webcomponents/wiki/Shadow-piercing-Combinators-in-the-Wild">similar problem with the shadow piercing combinator</a>.</p> <blockquote> <blockquote> <p>It's possible, for example, for a graphing component to be implemented using SVG in one iteration and canvas in another. If page's code ever depended on the component using SVG, then the page would break when the component's version gets updated and it starts using canvas instead of SVG.</p> </blockquote> <p>If a page breaks, is it not an issue for the page's author, rather than the component developer?</p> </blockquote> <p>The unfortunate reality is that library and framework authors would have to worry about those dependency. We deal with those issues all over the place in AppKit and UIKit or even WebKit / WebKit2 themselves embedded in other applications, and it imposes serious constrains on what we can and cannot change in our implementations.</p> <p>And there is evidence after evidence that this is an issue throughout the industry as I've already enumerated a few.</p> <blockquote> <blockquote> <p>However, it's very important for the authors of each component to understand that doing so results in its shadow tree's structure being dependent by its users.</p> </blockquote> <p>If a page depends on its internals, then they've taken that risk that updates will break things. It's their decision and their issue. I'm astounded that this position is controversial.</p> </blockquote> <p>The problem is that it quickly becomes library & framework author's problem once enough websites decide to take that risk.</p> <blockquote> <blockquote> <p>Ultimately, page authors have the power not to use a component which doesn't expose its shadow tree, or demand that they provide some API to mess with component's shadow tree.</p> </blockquote> <p>So you would prefer page authors to beg component developers instead of making the decision themselves?</p> </blockquote> <p>Yes. They don't even have to beg. Don't use a badly written component, or a component you don't like. Nobody is forcing you to use a component that you don't like so much that you want to go in & modify its shadow tree.</p> <blockquote> <blockquote> <p>Either case, we don't believe we should give the unilateral power to users of components to decide whether it's okay to intrude into components' shadow tree or not.</p> </blockquote> <p>Why can the component decide to opt them in or out of protections, but the page author themself cannot? The power dynamics of the current situation are really unusual, and don't seem to have any real advantages</p> </blockquote> <p>Because they're the one writing a component? If the license allows, page author can just copy / fork the component and modify its script not to use a shadow tree or make it use an open shadow tree; or better yet, directly make necessary changes desired on a particular website.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 17 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>The problem is that we've already seen a <a rel="nofollow noopener" target="_blank" href="https://github.com/w3c/webcomponents/wiki/Shadow-piercing-Combinators-in-the-Wild">similar problem with the shadow piercing combinator</a>.</p> </blockquote> <p>I can't necessarily see that these are problems. Allowing a document author to theme a component, or to use a library that does so, seem like completely reasonable use cases. That shadow DOMs prevent the <em>unintentional</em> downward leaking of styles is excellent, but it shouldn't mean that they should be completely unstylable from the outside.</p> <p>(Also, the <code>:part()</code> selector seemed like a nice go-between for component theming: well-specified components can be styled in a non-implementation-dependent way, and under-specified components can still be styled by <code>/deep/</code>.)</p> <blockquote> <blockquote> <p>If a page breaks, is it not an issue for the page's author, rather than the component developer?</p> </blockquote> <p>The unfortunate reality is that library and framework authors would have to worry about those dependency. We deal with those issues all over the place in AppKit and UIKit or even WebKit / WebKit2 themselves embedded in other applications, and it imposes serious constrains on what we can and cannot change in our implementations.</p> </blockquote> <p>I think the comparison with AppKit/UIKit and the WebKits is misleading. Since the AppKit/UIKit components are the lowest-level UI components (and the lowest-level, well-specified, reliable API to these components), the comparison should be with UA's native elements.</p> <p>I'll happily agree with <a rel="nofollow noopener" target="_blank" href="https://github.com/w3c/webcomponents/issues/640#issuecomment-301070698"><strong>@dylanb</strong>'s statement</a> that UA elements <em>should not</em> expose their shadow DOMs, and by analogy that AppKit/UIKit should not expose their internals, since they are not described in a well-specified, reliably manipulated format. (WebKit is another beast, and an entire browser engine is far removed from a DOM, so any comparisons there are sketchy at best.)</p> <p>We don't and can't expect to hold non-UA component developers to the same standards as UA component developers, so it's hard to justify giving them the same carte blanche.</p> <blockquote> <p>The problem is that it quickly becomes library & framework author's problem once enough websites decide to take that risk.</p> </blockquote> <p>Beyond styling, it doesn't seem likely that many websites will depend on specific implementation details of specific components -- it's quite a headache to retrofit extras into an existing custom element so they're more likely to just modify it directly. For e.g. analytics libraries, or any of my other examples, the code is component-agnostic, and so the implementation can change without breaking anything.</p> <blockquote> <p>Don't use a badly written component, or a component you don't like. Nobody is forcing you to use a component that you don't like so much that you want to go in & modify its shadow tree.</p> </blockquote> <p>This argument looks reasonable at first, but once you consider vendor lock-in, things start to change. If you want to add e.g. twitter integration to your document and their component is under-specified, your only option is put up and shut up.</p> <blockquote> <p>page author can just copy / fork the component and modify its script not to use a shadow tree</p> </blockquote> <p>This seems like an inconvenient and roundabout way of achieving the same behaviour as my proposal, except without the fine-grained control. If the developer wants to make changes to the component, then yes, they should fork and modify. If they plan to use its DOM for any other purpose, having to modify the component for mere access seems unduly heavy-handed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 18 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@matthewp</strong> </p> <blockquote> <p>I disagree completely <strong>@mrmr1993</strong>, closed shadow DOMs just give developers the same abilities that built-in elements have. If a new built-in form element were created then Vimium wouldn't work with it either. The solution here is to define an interface to interact with form elements that is generic enough that Vimium and others don't need to special case for every element type. These are the events to listen to changes and the properties to get/set the element's underlying value. There's no reason why if my custom element (with a closed shadow) emitted those events and had the correct properties why Vimium wouldn't just work with those.</p> </blockquote> <p>There are a bunch of conditions that hold for the standard HTML elements that do not hold for custom elements</p> <ol> <li><p>Their APIs are very rich and standardized. The ways that other parts of the standard can interact with them is well thought through and relatively complete. They provide open, consistent and standardized APIs that allow interaction with them</p></li> <li><p>They can (for the most part) be relied upon to support accessibility APIs and keyboard interaction</p></li> <li><p>You can implement polyfills and other interactions purely in JavaScript without any limitations</p></li> </ol> <p>All of these things mean that there are very few (I do not exclude the possibility, but cannot think of any) situations that have not already been identified (and are being worked on) where a document author would legitimately like to look inside and reach inside the shadow DOM.</p> <p>We cannot predict the ways the shadow DOM spec will be used by developers (just like we could not predict how HTML would be used by developers) and therefore, we cannot claim that the same will even remotely be possible with custom components that use shadow DOM.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 18 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I think the comparison with AppKit/UIKit and the WebKits is misleading. Since the AppKit/UIKit components are the lowest-level UI components (and the lowest-level, well-specified, reliable API to these components), the comparison should be with UA's native elements.</p> </blockquote> <p>We can agree to disagree on this point, and say this is a difference in our opinions.</p> <blockquote> <p>I'll happily agree with <a rel="nofollow noopener" target="_blank" href="https://github.com/w3c/webcomponents/issues/640#issuecomment-301070698"><strong>@dylanb</strong>'s statement</a> that UA elements <em>should not</em> expose their shadow DOMs, and by analogy that AppKit/UIKit should not expose their internals, since they are not described in a well-specified, reliably manipulated format. (WebKit is another beast, and an entire browser engine is far removed from a DOM, so any comparisons there are sketchy at best.)</p> <p>We don't and can't expect to hold non-UA component developers to the same standards as UA component developers, so it's hard to justify giving them the same carte blanche.</p> </blockquote> <p>Why not?</p> <blockquote> <blockquote> <p>Don't use a badly written component, or a component you don't like. Nobody is forcing you to use a component that you don't like so much that you want to go in & modify its shadow tree.</p> </blockquote> <p>This argument looks reasonable at first, but once you consider vendor lock-in, things start to change. If you want to add e.g. twitter integration to your document and their component is under-specified, your only option is put up and shut up.</p> </blockquote> <p>We already live in that world. If some social network only provides their social engagement widget in HTTP, for example, there is nothing you can do to make them use HTTPS instead. Also, social networks have incentives to make their widgets not customizable for branding purposes. Allowing random websites to allow changing the color of the buttons, etc... would be detrimental to their branding & marketing effort for example. Again, this should really be left to each social network site to decide. If one doesn't like the default UI provided by a social network, once could either not put their widget or use a hyperlink with a custom UI, etc...</p> <blockquote> <blockquote> <p>page author can just copy / fork the component and modify its script not to use a shadow tree</p> </blockquote> <p>This seems like an inconvenient and roundabout way of achieving the same behaviour as my proposal, except without the fine-grained control. If the developer wants to make changes to the component, then yes, they should fork and modify. If they plan to use its DOM for any other purpose, having to modify the component for mere access seems unduly heavy-handed.</p> </blockquote> <p>This whole argument hinges on the existence of such a convincing use case in which developers try to access and mutate shadow tree, yet nobody has given one so the premise of the statement has not been well established.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Here is a very useful polyfill that will not work for custom components with closed shadow DOM <a rel="nofollow noopener" target="_blank" href="https://github.com/WICG/inert/blob/master/src/inert.js">https://github.com/WICG/inert/blob/master/src/inert.js</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Here is a very useful polyfill that will not work for custom components with closed shadow DOM <a rel="nofollow noopener" target="_blank" href="https://github.com/WICG/inert/blob/master/src/inert.js">https://github.com/WICG/inert/blob/master/src/inert.js</a></p> </blockquote> <p>For the hundredth time, I don't think polyfill should automatically work inside a shadow tree. If a component wasn't written with that polyfill in mind, what's the point of making it work in its shadow tree? It won't be using the polyfilled feature anyway. If it was written with the assumption that some feature is available in all browsers but it isn't, then that component should itself be including that polyfill.</p> <p>I don't think it's productive for you to keep posting a polyfill as an example. We would never be convinced that it's a compelling use case for not having closed shadow trees.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>I think the comparison with AppKit/UIKit and the WebKits is misleading. Since the AppKit/UIKit components are the lowest-level UI components (and the lowest-level, well-specified, reliable API to these components), the comparison should be with UA's native elements.</p> </blockquote> <p>We can agree to disagree on this point, and say this is a difference in our opinions.</p> </blockquote> <p>Since this is your basis for disagreeing with the proposal, I struggle to let it go. Could you clarify how the AppKit or UIKit components are comparable to custom elements with (edit:) ~closed~ shadow roots in ways they are not comparable to UA native elements?</p> <blockquote> <blockquote> <p>We don't and can't expect to hold non-UA component developers to the same standards as UA component developers, so it's hard to justify giving them the same carte blanche.</p> </blockquote> <p>Why not?</p> </blockquote> <p>In theory? There are a long tail of developers where we might expect consistency and competence to degrade. In practise? Experience.</p> <blockquote> <p>We already live in that world. If some social network only provides their social engagement widget in HTTP, for example, there is nothing you can do to make them use HTTPS instead.</p> </blockquote> <p>Sure. That's bad. I'm even less inclined to surrender them complete control over parts of the DOM on this basis.</p> <blockquote> <p>Also, social networks have incentives to make their widgets not customizable for branding purposes. Allowing random websites to allow changing the color of the buttons, etc... would be detrimental to their branding & marketing effort for example.</p> </blockquote> <p>Web standards are not the place to enforce trademarks, nor licensing arrangements or other branding concerns. These also don't preclude under-specification in other aspects.</p> <blockquote> <p>Again, this should really be left to each social network site to decide. If one doesn't like the default UI provided by a social network, once could either not put their widget or use a hyperlink with a custom UI, etc...</p> </blockquote> <p>Only if a sufficient hyperlink exists. Otherwise, I think 'put up and shut up' is a fair appraisal.</p> <blockquote> <p>This whole argument hinges on the existence of such a convincing use case in which developers try to access and mutate shadow tree, yet nobody has given one so the premise of the statement has not been well established.</p> </blockquote> <p>In my opinion, several were given in the original issue.</p> <p>Nonetheless: a great many websites monitor the actions a user takes, in order to calculate what made their interactions successful/failures. If these analytics record in insufficient detail -- or even fail to record -- actions in shadow DOMs, then document authors are measurably damaged by shadow DOMs, and have a convincing use case for inspecting both them and the user's interactions with them.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>I think the comparison with AppKit/UIKit and the WebKits is misleading. Since the AppKit/UIKit components are the lowest-level UI components (and the lowest-level, well-specified, reliable API to these components), the comparison should be with UA's native elements.</p> </blockquote> <p>We can agree to disagree on this point, and say this is a difference in our opinions.</p> </blockquote> <p>Since this is your basis for disagreeing with the proposal, I struggle to let it go. Could you clarify how the AppKit or UIKit components are comparable to custom elements with closed shadow roots in ways they are not comparable to UA native elements?</p> </blockquote> <p>Because we see web components something akin to views in UIKit and windows in Win32 API. But this is just one perspective and heavily subjective matter so I don't think keep discussing this matter is useful. At the end of the day, we don't really need to convince one or other; we just need to move the standards forward based on rough consensus.</p> <blockquote> <blockquote> <p>Also, social networks have incentives to make their widgets not customizable for branding purposes. Allowing random websites to allow changing the color of the buttons, etc... would be detrimental to their branding & marketing effort for example.</p> </blockquote> <p>Web standards are not the place to enforce trademarks, nor licensing arrangements or other branding concerns. These also don't preclude under-specification in other aspects.</p> </blockquote> <p>Right, but we also have to take different parties' incentives into mind. Any feature is not useful if parties that are supposed to enforce the policy doesn't have an incentive to do so.</p> <blockquote> <blockquote> <p>This whole argument hinges on the existence of such a convincing use case in which developers try to access and mutate shadow tree, yet nobody has given one so the premise of the statement has not been well established.</p> </blockquote> <p>In my opinion, several were given in the original issue.</p> </blockquote> <p>Again, we can agree to disagree on this. Since if we had accepted your use cases or you had accepted that there were no good use cases, then we wouldn't be having this conversation in the first place.</p> <blockquote> <p>Nonetheless: a great many websites monitor the actions a user takes, in order to calculate what made their interactions successful/failures. If these analytics record in insufficient detail -- or even fail to record -- actions in shadow DOMs, then document authors are measurably damaged by shadow DOMs, and have a convincing use case for inspecting both them and the user's interactions with them.</p> </blockquote> <p>Why? Regardless of the mode, mouse and keyboard events that got dispatched inside a shadow tree will propagate outside the shadow tree unless they're stopped to propagate.</p> <p>By the way, that's a much better use case than polyfills or anything else presented thus far if it were true that you couldn't observe mouse and keyboard events that happen within a shadow tree. But that isn't. We specifically made mouse, keyboard, and other kinds of events that stem from user interaction composed so that web pages can observe them.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Because we see web components something akin to views in UIKit and windows in Win32 API. But this is just one perspective and heavily subjective matter so I don't think keep discussing this matter is useful.</p> </blockquote> <p>More than anything, I'm trying to understand. I can't see how the DOM is deficient (if not better) as compared to its UIKit and Win32 analogues under my proposal.</p> <blockquote> <p>At the end of the day, we don't really need to convince one or other; we just need to move the standards forward based on rough consensus.</p> </blockquote> <p>Great! Hopefully we can move the standards forward towards my proposal. I'll start making efforts to build rough consensus on this.</p> <blockquote> <p>we also have to take different parties' incentives into mind. Any feature is not useful if parties that are supposed to enforce the policy doesn't have an incentive to do so.</p> </blockquote> <p>I'm accustomed to "useful" meaning that things may be used to achieve something productive that wasn't possible/as easy without it.</p> <p>Perhaps you are proposing that we should remove the <code><video></code> element, since "parties that are supposed to enforce the policy [of video copyright] doesn't have an incentive to do so";<br /> the <code><img></code> element, since "parties that are supposed to enforce the policy [of image copyright] doesn't have an incentive to do so";<br /> and DOM text APIs, since "parties that are supposed to enforce the policy [of literary copyright] doesn't have an incentive to do so".<br /> I am not an advocate of this position.</p> <blockquote> <p>Why? Regardless of the mode, mouse and keyboard events that got dispatched inside a shadow tree will propagate outside the shadow tree unless they're stopped to propagate.</p> </blockquote> <p>If the component has any kind of complex state and/or user-specific variation, it can become extremely hard to reverse engineer what these meant originally. This seems like a waste, when the information could have all been there to start with.</p> <p>I'll also mentioned nested scrolling elements in passing, to highlight how non-trivial this might be for stateless, user-agnostic components.</p> <blockquote> <p>By the way, that's a much better use case than polyfills or anything else presented thus far ...</p> </blockquote> <p>I still maintain that a page should be able to provide keyboard shortcuts without munging user input into components' inputs.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Perhaps you are proposing that we should remove the <code><video></code> element, since "parties that are supposed to enforce the policy [of video copyright] doesn't have an incentive to do so";<br /> the <code><img></code> element, since "parties that are supposed to enforce the policy [of image copyright] doesn't have an incentive to do so";<br /> and DOM text APIs, since "parties that are supposed to enforce the policy [of literary copyright] doesn't have an incentive to do so".<br /> I am not an advocate of this position.</p> </blockquote> <p>That's not all all what I'm saying. The point you were making is that with closed shadow trees, it's hard to modify components made by social networks. I'm saying that given they have incentives not to let this happen, they can already make this hard e.g. by using a cross origin iframe. They can also add a licensing terms which prohibits you from messing with their UI, etc... So your argument that closed shadow tree makes it harder for third party page authors to customize those social widgets isn't convincing given that social networks can already circumvent this, and even in the presence of shadow trees, page authors can still use a hyperlink or simply override <code>Element.prototype.attachShadow</code> before those social widgets are loaded as the last resort.</p> <blockquote> <blockquote> <p>Why? Regardless of the mode, mouse and keyboard events that got dispatched inside a shadow tree will propagate outside the shadow tree unless they're stopped to propagate.</p> </blockquote> <p>If the component has any kind of complex state and/or user-specific variation, it can become extremely hard to reverse engineer what these meant originally. This seems like a waste, when the information could have all been there to start with.</p> </blockquote> <p>That's precisely what encapsulation should hide. Those semantics should be communicated via ARIA attributes, slotted contents, public methods, etc... of custom elements.</p> <blockquote> <blockquote> <p>By the way, that's a much better use case than polyfills or anything else presented thus far ...</p> </blockquote> <p>I still maintain that a page should be able to provide keyboard shortcuts without munging user input into components' inputs.</p> </blockquote> <p>And I would disagree to that position.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@rniwa</strong> </p> <blockquote> <p>For the hundredth time, I don't think polyfill should automatically work inside a shadow tree. If a component wasn't written with that polyfill in mind, what's the point of making it work in its shadow tree? It won't be using the polyfilled feature anyway. If it was written with the assumption that some feature is available in all browsers but it isn't, then that component should itself be including that polyfill.</p> <p>I don't think it's productive for you to keep posting a polyfill as an example. We would never be convinced that it's a compelling use case for not having closed shadow trees.</p> </blockquote> <p>Well I disagree. Have you asked the writers and users of that polyfill what they think? Their opinion matters much more than yours does.</p> <p><strong>@robdodson</strong> <strong>@alice</strong> What do you think about closed shadow DOM making your polyfill impossible to implement for custom controls?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Well I disagree. Have you asked the writers and users of that polyfill what they think? Their opinion matters much more than yours does.</p> </blockquote> <p>Well, we can keep agree to disagree on this. What matters most, to us, is the opinions of component authors and page authors. The opinions of polyfill authors has a lot less weight compared to those two to us.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/285965?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rniwa picture"> <strong>rniwa</strong> <span class="text-muted ml-1">on 19 May 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@dylanb</strong> <strong>@mrmr1993</strong> I'm a webcomponent author (and sometimes a polyfill author) and the biggest advantage of using a closed shadow tree, for me, is knowing that I can make internal changes to my component without compromising its integrity in the wild.</p> <p>Let's say, for instance, I release my amazing component, which is self hosted on my domain at path <code>/components/Amazing/1/Amazing.js</code>. Any web page author can use it by referencing this script. Now, let's say that there's an edge case bug which can be easily fixed by changing the internal DOM in my component in some way. If my tree is closed and I want to make this change, I can do so transparently by updating the script at its current URL. If it's open and I want to make this change, I have to concern myself with how this may affect sites using the component and possibly make a separate, opt-in release, which will leave instances of the buggy version out in the wild on 3rd-party websites.</p> <p>This is not me "telling kids to get off my lawn". This is me having peace of mind and not painting myself into a corner. This is where you can draw a parallel with UA-defined components. By keeping their internal tree hidden, they don't need to worry about breaking things when they change that internal tree. You both indicated that a UA should be allowed this privilege, but a component author should not, which I find extremely puzzling!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/1826067?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="andyearnshaw picture"> <strong>andyearnshaw</strong> <span class="text-muted ml-1">on 22 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Well I disagree. Have you asked the writers and users of that polyfill what they think? Their opinion matters much more than yours does.</p> </blockquote> <p>the point here is, he's hardly alone...</p> <p>This question have already been solved and it's again and again showing up by people, who think, they should have full control over 3rd party component. This is what it boils down to, the control... usecases (polyfills, keyboard shortcuts) are just examples of that. The point is it's always the author, who should have full control. By law and by tradition. If he/she chooses to release under public licence and /open/ mode, it's his/her call, if he chooses to release it under "do not touch the internals" and /closed/ mode, it's again his/her call. Page author must respect this choice, the choice he/she has is whether to use it, or not. The simple fact, that someone wants to poke inside component actually means nothing, regardless of how "good" reason they thing they have.<br /> I am not saying, that license and open/closed are the same (licence can allow source code changes), I'm pointing out, that the choice, of both, is component's author in the first place, not anyone else.</p> <p>there is a lot of "I do not agree here", the fact is, that while the need for /closed/ was agreed by majority, the need for total DOM control was not. This was never search for 100% agreement. There were always arguments about control/visibility. The component developers choice may mean very little to you, but it means very much for majority. The need of private states outweighs the fact, that some code will not work as originally intended. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/13207465?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BronislavKlucka picture"> <strong>BronislavKlucka</strong> <span class="text-muted ml-1">on 23 May 2017</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Would a way to <a rel="nofollow noopener" target="_blank" href="https://github.com/w3c/webcomponents/issues/516">access the composed tree</a> be helpful?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/297678?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="trusktr picture"> <strong>trusktr</strong> <span class="text-muted ml-1">on 22 Jul 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@trusktr</strong> I asked for this years ago...it would solve some of the issues raised</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars3.githubusercontent.com/u/79245?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dylanb picture"> <strong>dylanb</strong> <span class="text-muted ml-1">on 22 Jul 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>Edit:</strong> Just pretend this doesn't exist.</p> <p><summary>Poof!</summary><br /> <details><s><br /> May I add a couple legitimate use cases for hard-private, inaccessible DOM: *</p> <ol> <li>Guarding an <code><input type="username"></code>/<code><input type="password"></code> from successful script injection and/or malicious extensions.</li> <li>Hiding sensitive information like exposed financial data or one-time tokens from successful script injection and/or untrusted extensions.</li> </ol> <p>Currently, all it takes is a single successful XSS attack to literally read a user's password as they type it, and a payload doesn't have to be large.** The only way to stop it at this stage is via CSP policy, and some form of MITM mitigation like TLS (assuming the attacker doesn't catch the initial connection).</p> <p>Of course, browsers could (and still) should offer APIs for password managers, screen readers, etc. to read such inaccessible text, but it should be guarded by a permission instead of just being wide open to all.</p> <hr /> <p>* I'm by no means a security expert. I'm just super security conscious, and I like to be more proactive in my opsec. (No, I don't like writing exploits, and that's part of why I immediately deleted and did not post the payload referenced below.)</p> <p>** I created within 30 minutes just now an easily modifiable, rudimentary payload for pages with single <code><form></code>s that's <300 bytes raw, <350 bytes encoded with <code>encodeURIComponent</code>, which can send the submitted password to a C&C server on submit without any way to stop it. The fact I'm just a security-conscious web developer who almost never writes exploits for anything outside of tests should tell you how easy it is to do once you're in.<br /> </s></details></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/4483844?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="isiahmeadows picture"> <strong>isiahmeadows</strong> <span class="text-muted ml-1">on 12 Oct 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>May I add a couple legitimate use cases for hard-private, inaccessible DOM</p> </blockquote> <p><strong>@isiahmeadows</strong> please do</p> <blockquote> <p>Guarding an <code><input type="username"></code>/<code><input type="password"></code> from successful script injection and/or malicious extensions.</p> </blockquote> <p>This is not something the shadow DOM was created for, and it doesn't give any <em>guarantees</em> of security. To quote from an <a rel="nofollow noopener" target="_blank" href="https://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0333.html">earlier email</a> on the topic:</p> <blockquote> <blockquote> <p>Stay after class and write 100 times on the board: "Type 2 is not a security boundary".</p> </blockquote> </blockquote> <blockquote> <p>Currently, all it takes is a single successful XSS attack to literally read a user's password as they type it[...] The only way to stop it at this stage is via CSP policy, and some form of MITM mitigation like TLS</p> </blockquote> <p>This is also a problem with (session) cookies, etc. A properly set CSP is the way to make these guarantees. If you are MITM-ed, game over anyway.</p> <p>Shadow DOM may help in this way, but it's not the intention of the design, and I don't think it's a good argument for closed shadow DOMs.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 Oct 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@mrmr1993</strong> </p> <blockquote> <p>This is not something the shadow DOM was created for, and it doesn't give any guarantees of security.<br /> [quote...]</p> </blockquote> <p>Would using a local, unexposed weakmap mitigate that?</p> <blockquote> <p>This is also a problem with (session) cookies, etc. A properly set CSP is the way to make these guarantees. If you are MITM-ed, game over anyway.</p> </blockquote> <p>Very true, especially if they catch you establishing the initial connection (as ISPs have been known to do). The only way you can really hope to side-step it at all is through dedicated protocols like Signal.</p> <blockquote> <p>Shadow DOM may help in this way, but it's not the intention of the design, and I don't think it's a good argument for closed shadow DOMs.</p> </blockquote> <p>Agreed, and it's like trying to apply duck tape to a broken structural support. Maybe 1% of the time, it actually works, but the other 99% of the time, you've got bigger problems than just that one break.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/4483844?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="isiahmeadows picture"> <strong>isiahmeadows</strong> <span class="text-muted ml-1">on 12 Oct 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Would using a local, unexposed weakmap mitigate that?</p> </blockquote> <p><strong>@isiahmeadows</strong> Using it for what? My instinct is no: closed shadow DOM creation can be circumvented (depending on order of script execution), and it is easy to leak the shadow root, intentionally or not. Obviously, if your code is careful and you can ensure that no XSS script can run before you get your reference to <code>Element.prototype.attachShadow</code>, then the (IMO harmful) behaviour of closed shadow roots should be as specified.</p> <p>I'll leave the rest of your comment; I don't think this is the place to discuss network vulnerabilities/mitigations.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 12 Oct 2017</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>OP is basically a non-starter; closed shadow trees were a necessary part of getting shadow trees at all. It's not realistic to expect them to go away at this point; see the long mailing list threads on the topic. I'm therefore going to close this issue.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars0.githubusercontent.com/u/1544111?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="annevk picture"> <strong>annevk</strong> <span class="text-muted ml-1">on 18 Feb 2018</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Pity, they still have the potential to ruin browser extensions for Chrome/Firefox/Edge. Since Firefox is planning to land in the next development version and Edge has it in the works, we should start seeing usage in sites and the corresponding breakage.</p> <p>I've opened a FF issue <a rel="nofollow noopener" target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1439153">here</a>, which will hopefully influence the WebExtensions spec too, but I've possibly left it too late for a fix before it lands. I haven't done anything for WebDriver, or for Chrome/Edge extensions.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars1.githubusercontent.com/u/1847343?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mrmr1993 picture"> <strong>mrmr1993</strong> <span class="text-muted ml-1">on 19 Feb 2018</span> </div> <div class="col text-right"> </div> </div> </div> </div> </div> <div class="col-12"> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown text-center helpful"> <div class="title">Was this page helpful?</div> <div class="mt-1" onMouseLeave="rating(227085134, 0);"> <i class="fas fa-star inactive" id="star-1" onMouseOver="rating(227085134, 1);" onclick="rate(227085134, 1);"></i> <i class="fas fa-star inactive" id="star-2" onMouseOver="rating(227085134, 2);" onclick="rate(227085134, 2);"></i> <i class="fas fa-star inactive" id="star-3" onMouseOver="rating(227085134, 3);" onclick="rate(227085134, 3);"></i> <i class="fas fa-star inactive" id="star-4" onMouseOver="rating(227085134, 4);" onclick="rate(227085134, 4);"></i> <i class="fas fa-star inactive" id="star-5" onMouseOver="rating(227085134, 5);" onclick="rate(227085134, 5);"></i> </div> <div class="description text-small"><span id="rating-val">0</span> / 5 - <span id="rating-count">0</span> ratings</div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3452512275" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> </div> </div> <div class="col-12 col-lg-4"> <div id="ph-above-related"></div> <div class="card card-custom issue-box"> <div class="card-body pt-3 pb-5"> <h2 class="mb-4">Related issues</h2> <div> <strong> <a href="/webcomponents/272997484/templates-implement-a-polyfill-of-template-instantiation">[templates] implement a polyfill of template-instantiation before even considering to add the API natively to the platform</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars2.githubusercontent.com/u/9219935?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="smaug---- picture"> <strong class="pr-1" dir="ltr">smaug----</strong>  ·  <span class="px-1" dir="ltr">4</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/webcomponents/459501986/updating-element-registration">Updating Element Registration. </a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars1.githubusercontent.com/u/833927?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pshihn picture"> <strong class="pr-1" dir="ltr">pshihn</strong>  ·  <span class="px-1" dir="ltr">6</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/webcomponents/462158315/idea-expose-and-api-for-syncing-attributes-and-properties">[idea] Expose and API for syncing attributes and properties</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars0.githubusercontent.com/u/3129393?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="calebdwilliams picture"> <strong class="pr-1" dir="ltr">calebdwilliams</strong>  ·  <span class="px-1" dir="ltr">6</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/webcomponents/244819042/question-why-are-we-unable-to-build-web-components-from-svg">[question] Why are we unable to build web components from SVG elements?</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars3.githubusercontent.com/u/297678?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="trusktr picture"> <strong class="pr-1" dir="ltr">trusktr</strong>  ·  <span class="px-1" dir="ltr">4</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/webcomponents/255191221/upstreaming-shadow-dom-and-outstanding-v1-work">Upstreaming Shadow DOM and outstanding v1 work</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars0.githubusercontent.com/u/1544111?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="annevk picture"> <strong class="pr-1" dir="ltr">annevk</strong>  ·  <span class="px-1" dir="ltr">5</span><span>Comments</span> </div> </div> </div> <div class="sticky-top pt-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3919948963" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <div id="ph-below-related-2" class="mt-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3919948963" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> </div> <div class="col-12 col-lg-4"> </div> </div> <div class="skyscraper-container"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="7879185320" data-ad-format="vertical" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <div class="mt-5 spacer"></div> <footer class="mt-5 pb-2 py-4 text-center mt-auto"> <div class="container"> <a class="navbar-brand logo mr-5" href="/"> <img src="/assets/img/logo.svg" width="40" height="40" alt="bleepingcoder logo"> bleeping<strong>coder</strong> </a> <div class="mt-4"> bleepingcoder.com uses publicly licensed GitHub information to provide developers around the world with solutions to their problems. We are not affiliated with GitHub, Inc. or with any developers who use GitHub for their projects. We do not host any of the videos or images on our servers. All rights belong to their respective owners. </div> <div> Source for this page: <a href="https://www.github.com/WICG/webcomponents/issues/640" rel="nofollow noreferrer" target="_blank">Source</a> </div> </div> <hr class="mb-5 mt-5"> <div class="container"> <div class="row"> <div class="col-sm-4 col-lg mb-sm-0 mb-5"> <strong>Popular programming languages</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/python" dir="ltr">Python</a> </li> <li class="mb-2"> <a href="/javascript" dir="ltr">JavaScript</a> </li> <li class="mb-2"> <a href="/typescript" dir="ltr">TypeScript</a> </li> <li class="mb-2"> <a href="/cpp" dir="ltr">C++</a> </li> <li class="mb-2"> <a href="/csharp" dir="ltr">C#</a> </li> </ul> </div> <div class="col-sm-4 col-lg mb-sm-0 mb-5"> <strong>Popular GitHub projects</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/microsoft/vscode" dir="ltr">vscode</a> </li> <li class="mb-2"> <a href="/numpy/numpy" dir="ltr">numpy</a> </li> <li class="mb-2"> <a href="/ant-design/ant-design" dir="ltr">ant-design</a> </li> <li class="mb-2"> <a href="/mui-org/material-ui" dir="ltr">material-ui</a> </li> <li class="mb-2"> <a href="/vercel/next-js" dir="ltr">next.js</a> </li> </ul> </div> <div class="col-sm-4 col-lg mb-0"> <strong>More GitHub projects</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/rust-lang/rust" dir="ltr">rust</a> </li> <li class="mb-2"> <a href="/moment/moment" dir="ltr">moment</a> </li> <li class="mb-2"> <a href="/yarnpkg/yarn" dir="ltr">yarn</a> </li> <li class="mb-2"> <a href="/mozilla/pdf-js" dir="ltr">pdf.js</a> </li> <li class="mb-2"> <a href="/JuliaLang/julia" dir="ltr">julia</a> </li> </ul> </div> </div> </div> <hr class="mb-5 mt-5"> <div class="container text-muted"> © 2026 bleepingcoder.com - <a href="/bleeps" rel="nofollow">Contact</a><br /> By using our site, you acknowledge that you have read and understand our <a href="/cookies" rel="nofollow">Cookie Policy</a> and <a href="/privacy" rel="nofollow">Privacy Policy</a>. </div> </footer> <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha256-4+XzXVhsDmqanXGHaHvgh1gMQKX40OUvDEBTu8JcmNs=" crossorigin="anonymous"></script> <script async src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script> <!--<script defer type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5fb2db66acbd74b2"></script>--> <script type="text/javascript" src="/assets/js/main.js"></script> <script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js"></script></body> </html>