Subject: [sXBL] Various issues in the sXBL draft -- section
6 - msg#00079
I'm somewhat wondering what security issues, if any, there are in the XBL DOM.
My first instinct is that all access to any of the XBL DOM properties must have
same-origin security checks... but that makes it hard to create reusable
bindings that pages load from a single location. Then again, perhaps that's
desirable.
I'd love to hear people's thoughts on this.
6.1
The term "nodes that support XBL" is used here without being defined. It's not
clear to me what nodes should implement the NodeXBL interface... Should Element
nodes? Text nodes? Comment nodes? Attribute nodes? Document nodes? Entity
reference nodes?
In the definition of xblChildNodes, the term "true children" is used. This term
is not defined anywhere. Perhaps the documentation should simply clarify that
this is the list of all nodes that have the given node as an xblParentNode, in
their flattened-tree order?
It's not completely clear to me how xblScopedChildNodes differs from
xblChildNodes. Which nested bindings should be ignored, exactly, to determine
this nodelist?
I'm not quite sure why the xblFirstElementChild, xblLastElementChild,
xblPreviousElementSibling, xlbNextElementSibling are needed.... Are there
really very common use cases for these?
6.2
Just extending Event is perhaps a bit of an issue, from my perspective as a
Mozilla implementor. Since the interface is part of a W3C Recommendation and
has been for years, it's part of the frozen API Mozilla exposes. As such, we
cannot change it. If it does get extended like this, we will probably do what
we did when DOM3 Core extended the DOM2 Node interface -- put the new methods on
a totally different interface (XBLEvent, probably), and make it possible to get
from an Event to an XBLEvent via binding-specific casting methods.
Clearly implementations that postdate the creation of this specification would
not be operating under any such constraints. At the same time, I'm not sure
whether it's good precedent that specifications should just extend interfaces
defined in other specifications. Even doing it for DOM3 vs DOM2 was
problematic, as you can see; consider what happens if several working groups all
extend Event in different ways.
6.3
I assume getElementByID means "descendants in the DOM Core sense" when it talks
about only searching the shadowTree element and its descendants, right? That
may be worth clarifying.
What is the behavior if an empty string is passed in? Would it match, say, an
<html:div id=""> but not an <html:div>? I don't believe the DOM Core specs are
very clear on this issue either...
-Boris
Thread at a glance:
Previous Message by Date:
[sXBL] question on the <content> processing model
I'm not quite clear on exactly what <content> does, or more precisely on which
nodes it operates. Section 4.2 talks about "explicit children", but consider
the situation represented by the diagram in that section -- node 3 has an sXBL
binding bound to it which makes nodes 4 and 5 children of the leftmost purple
node (call it node A) in the flattened tree.
Now say node A has an sXBL binding bound to it, and this binding has <content>
elements. Would those be able to reposition node 4 and node 5 in the flattened
tree under node A? It seems that the intent is that they should, yet node 4 and
node 5 are not at all explicit children of node A... Some clarification here
would be nice.
-Boris
Next Message by Date:
tiny tests: 4 alterations to consider
In testing a cell phone I have altered four tests to make testing
easier, you may consider making these changes in cvs.
Here are my notes from field testing the svg-wg tiny static tests
Some files do not size properly.
Take a look at the windowing on files:
fonts-elem-01-t
fonts-elem-02-t
- width and height were changed in the root on these two files to
100% so that they display properly and to make them conform to all the
other tiny tests.
The following tests require images to display properly:
render-groups-03-t
struct-image-01-t
- I altered both of these files so that referenced images were in the
same directory, this did not correct the problem, but I now know it's
not a location issue.
The following tests need to be re-shot:
fonts-elem-01, windowing changed
fonts-elem-02, windowing changed
render-groups-03, support files missing
struct-image-01, support files missing
struct-defs-01, bad shot
--
Best regards
Rick
Previous Message by Thread:
[sXBL] question on the <content> processing model
I'm not quite clear on exactly what <content> does, or more precisely on which
nodes it operates. Section 4.2 talks about "explicit children", but consider
the situation represented by the diagram in that section -- node 3 has an sXBL
binding bound to it which makes nodes 4 and 5 children of the leftmost purple
node (call it node A) in the flattened tree.
Now say node A has an sXBL binding bound to it, and this binding has <content>
elements. Would those be able to reposition node 4 and node 5 in the flattened
tree under node A? It seems that the intent is that they should, yet node 4 and
node 5 are not at all explicit children of node A... Some clarification here
would be nice.
-Boris
Next Message by Thread:
tiny tests: 4 alterations to consider
In testing a cell phone I have altered four tests to make testing
easier, you may consider making these changes in cvs.
Here are my notes from field testing the svg-wg tiny static tests
Some files do not size properly.
Take a look at the windowing on files:
fonts-elem-01-t
fonts-elem-02-t
- width and height were changed in the root on these two files to
100% so that they display properly and to make them conform to all the
other tiny tests.
The following tests require images to display properly:
render-groups-03-t
struct-image-01-t
- I altered both of these files so that referenced images were in the
same directory, this did not correct the problem, but I now know it's
not a location issue.
The following tests need to be re-shot:
fonts-elem-01, windowing changed
fonts-elem-02, windowing changed
render-groups-03, support files missing
struct-image-01, support files missing
struct-defs-01, bad shot
--
Best regards
Rick
