[Bug 28086] New: [Shadow] (assuming iframes should work inside shadow DOM) Should the contentWindow objects of iframes in shadow DOM show up in window.frames?

2015-02-23 Thread bugzilla
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28086 Bug ID: 28086 Summary: [Shadow] (assuming iframes should work inside shadow DOM) Should the contentWindow objects of iframes in shadow DOM show up in window.frames? Produc

Re: Custom elements: synchronous constructors and cloning

2015-02-23 Thread Ryosuke Niwa
> On Feb 23, 2015, at 6:42 AM, Boris Zbarsky wrote: > > On 2/23/15 4:27 AM, Anne van Kesteren wrote: > >> 1) If we run the constructor synchronously, even during cloning. If >> the constructor did something unexpected, is that actually >> problematic? It is not immediately clear to me what inva

Re: CORS performance

2015-02-23 Thread Jonas Sicking
On Mon, Feb 23, 2015 at 11:06 AM, Anne van Kesteren wrote: > On Mon, Feb 23, 2015 at 7:55 PM, Jonas Sicking wrote: >> A lot of websites accidentally enabled cross-origin requests with >> cookies. Not realizing that that enabled attackers to make requests >> that had side-effects as well as read pers

Re: CORS performance

2015-02-23 Thread Anne van Kesteren
On Mon, Feb 23, 2015 at 7:55 PM, Jonas Sicking wrote: > A lot of websites accidentally enabled cross-origin requests with > cookies. Not realizing that that enabled attackers to make requests > that had side-effects as well as read personal user data without user > permission. > > In short, it was ve

Re: CORS performance proposal

2015-02-23 Thread Jonas Sicking
On Fri, Feb 20, 2015 at 11:43 PM, Anne van Kesteren wrote: > On Fri, Feb 20, 2015 at 9:38 PM, Jonas Sicking wrote: >> On Fri, Feb 20, 2015 at 1:05 AM, Anne van Kesteren wrote: >>> An alternative is that we attempt to introduce >>> Access-Control-Policy-Path again from 2008. The problems you rais

Re: CORS performance proposal

2015-02-23 Thread Jonas Sicking
On Sat, Feb 21, 2015 at 11:18 PM, Anne van Kesteren wrote: > On Sat, Feb 21, 2015 at 10:17 AM, Martin Thomson > wrote: >> On 21 February 2015 at 20:43, Anne van Kesteren wrote: >>> High-byte of what? A URL is within ASCII range when it reaches the >>> server. This is the first time I hear of thi

Re: CORS performance

2015-02-23 Thread Jonas Sicking
On Mon, Feb 23, 2015 at 7:15 AM, Henri Sivonen wrote: > On Tue, Feb 17, 2015 at 9:31 PM, Brad Hill wrote: >> I think it is at least worth discussing the relative merits of using a >> resource published under /.well-known for such use cases, vs. sending >> "pinned" headers with every single resour

Re: CORS performance

2015-02-23 Thread Henri Sivonen
On Tue, Feb 17, 2015 at 9:31 PM, Brad Hill wrote: > I think it is at least worth discussing the relative merits of using a > resource published under /.well-known for such use cases, vs. sending > "pinned" headers with every single resource. FWIW, when CORS was designed, the Flash crossdomain.xml

Re: Custom elements: synchronous constructors and cloning

2015-02-23 Thread Boris Zbarsky
On 2/23/15 4:27 AM, Anne van Kesteren wrote: 1) If we run the constructor synchronously, even during cloning. If the constructor did something unexpected, is that actually problematic? It is not immediately clear to me what invariants we might want to preserve. Possibly it's just that the code w

Custom elements: synchronous constructors and cloning

2015-02-23 Thread Anne van Kesteren
I've been continuing to explore synchronous constructors for custom elements as they explain the parser best. After reading through https://speakerdeck.com/vjeux/oscon-react-architecture I thought there might be a performance concern, but Yehuda tells me that innerHTML being faster than DOM methods