On Tue, Mar 12, 2013 at 2:19 PM, Dimitri Glazkov <dglaz...@chromium.org> wrote: > Quick update: we had a really productive lunch with a bunch of Mozilla and > Google peeps (cc'd) > > After mulling this whole thing over, we're decided keep shadow trees > traversable with a special provision for built-in HTML elements (UA shadow > trees) to be non-traversable, per spec. > > We reached this conclusion after conducting a thought exercise of trying to > gain entry into an imaginary private shadow tree, which exists in the same > scripting context as the document, just using existing Web platform API -- > as you may guess, it's not that difficult. > > However, to allow developers a degree of enforcing integrity of their shadow > trees, we are going add a new mode, an equivalent of a "KEEP OUT" sign, if > you will, which will makes a shadow tree non-traversable, effectively > skipping over it in an element's shadow tree stack. > > We couldn't come up with a good name for this mode. "Private" conveys false > expectations of being any sort of security primitive. "Hidden" is unclear in > purpose. "Get-Off-My-Lawn" is perfect, but a touch too wordy. > > We will also pursue, as a second phase of Shadow DOM spec, a way to create > shadow trees that exist in a separate scripting context and a separate > document, but render as part of the main document. These will provide the > necessary security guarantees and finally bring the candy trees and unicorns > to the Web platform.
This is exactly what I had hoped for, so yay! Everything sounds good to me. I don't have any good naming suggestions, but think "hidden" isn't too bad. ~TJ