Shadow DOM and <iframe> #763
Comments
|
For history API, let the discussion go in WICG/webcomponents#184. For named properties, do we agree that anything in shadow tree should not show up? Related, For link targeting, I agree that For |
|
Yeah, the named properties and indexed properties should not point to anything in a shadow tree (note that |
|
Aha, okay, I have a bad memory - I commented in WICG/webcomponents#180. I'd like to confirm
|
|
I'm not quite sure what you mean by |
|
I was assuming the following HTML: <base target="myframe">
<a href="http://foo">foo</a>
<div>
#shadow-root
<a href="http://bar">bar</a>
<iframe name="myframe"></iframe>
</div>Clicking on "foo" will navigate the whole document to foo, and clicking on "bar" will also navigate |
|
That probably makes sense, yes. |
|
Updated OP with an additional bullet about inertness. That one is easy to fix, at least. |
|
TPAC F2F note: |
|
Tentative model: shadow roots have their own name bucket and any popups they end up opening should probably be restricted to that shadow root (would only work for |
|
Quick comment here, as it came up from an internal bug, on the question of named properties on the It seems that #1625 attempted to codify WICG/webcomponents#145 this way, so the spec should (?) match the current behavior of WebKit/Chromium. I couldn't find a Mozilla bug, so I filed this one. Let me know if I'm wrong about the above. |
|
Another followup comment on this issue. The fact that even open shadow roots hide any contained frames seems to preclude some natural use cases. Consider the example where sibling (cross-origin) iframes want to communicate with each other: <div class="container">
<iframe src="cross-origin1.html"></iframe>
<iframe src="foo" name="frame2"></iframe>
</div>with cross-origin1.html containing: window.frames['frame2'].postMessage('bar');This works great without Shadow DOM. But this completely breaks if anywhere in the ancestor chain, someone tries to use Shadow DOM: <div id=host>
<template shadowroot=open>
<div class="container">
<iframe src="cross-origin1.html"></iframe>
<iframe src="foo" name="frame2"></iframe>
</div>
</template>
</div>In this case, the two frames can no longer communicate with each other. Is there any other mechanism by which they can get Again, I can see why we probably don't want this to work for a closed shadow root, but even in that case it's a bit weird that P.S. I wasn't sure whether to post this here, or on WICG/webcomponents#145, but that one is closed so I went with this one. |
For sure. They can do document.querySelector("#host").shadowRoot.querySelector("iframe").contentWindow.postMessage('bar');(I think I did my shadow-tree navigation right...) |
But the |
|
That doesn't impact things. |
|
Perhaps I don't understand. From |
|
Hmm, then the original example doesn't work. In general, |
|
Sorry, that's a typo in my original post: cross-origin1.html should include window.parent.frames['frame2'].postMessage('bar');This example does work, and is broken by shadow dom. |
|
I see. Yeah, I guess that is broken. I tend to think that's OK because named access in such a fashion is a legacy feature, so when designing new features like shadow DOM we try to restrict such legacy features so as to make the design space manageable. (The proper pattern would be to ask the parent to message the child by postMessage()ing the parent, or use BroadcastChannel or similar.) But I'll let others chime in. |
|
That is definitely intentional. We don't want iframe inside a shadow tree to be exposed on the global scope such that other scripts can stumble upon them. |
|
Thanks for the feedback here. I can see your points. The reason it (still?) feels a bit odd to me is that otherwise-working behavior is broken when the entire tree is placed into shadow dom. But I suppose the message is that this form of sibling-to-sibling direct frame communication, via the global |
|
Indeed, if we designed nested browsing contexts today they'd have far less side channels such as that one. |
|
In Firefox this isn't the behavior, window.frames include iframes inside ShadowDOM. |
Right - that’s this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1695969 |
<iframe>works if its "shadow-host-including inclusive ancestor" is a document that has a browsing context. I.e., including when it does not end up in the flattened tree.<iframe>has a couple of major pain points when used in a shadow tree:Windowobject: <iframe> and Window's named properties WICG/webcomponents#145 These should probably not dig into the shadow tree, but that will require adjustments to various definitions around browsing contexts.<a href=test target=test>should not cross boundaries.Paging @hayatoito @smaug---- @rniwa.
The text was updated successfully, but these errors were encountered: