New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
window.event and shadow trees #679
Comments
Hmm, that particular test isn't updated yet in mozilla-central, and currently it is marked as failing |
It only just merged on the Chromium side so I suspect it'll take a while to propagate all the way. I thought that Fx hadn't accounted for shadow tree handling yet when it came to |
@hsivonen did add support for shadow DOM too. |
AFAIK, the idea to attempt to hide I wasn't aware of this issue when we discussed Issue 334, and I'm now leaning to the idea to expose |
Thanks @yuki3 FWIW, Blink changed the behavior of window.event for Shadow DOM v1 here https://chromium-review.googlesource.com/c/chromium/src/+/773922. We've not heard any web site breakage report by this change. Given that, I guess the risk of changing window.event behavior for a shadow tree is (still) low enough, and any change doesn't matter much for web developers in practice, I am hoping. On the implementer hat, it could make the implementation much simpler if we don't try to hide window.event in a shadow tree, per @yuki3 . |
What I'm proposing is slightly different I think. Make |
FWIW, the latest betas of iOS 12 and macOS Mojave hides |
I'm afraid that I've never been understanding why we want to hide (or set to undefined) |
@yuki3 the rationale is that if an event listener in a shadow tree calls a "global function", that global function then has access to the shadow tree through Technically this applies to composed events as well, however in that case the global function could have obtained a reference to the |
Ah, now I see that we're afraid of a leak through event.{target,srcElement,currentTarget,...}. As I'm newbie about shadow trees, I don't yet understand how much the encapsulation is important. However, if we suppose that the encapsulation is very important, I'd think that hiding |
We do adjust |
Is this what we're afraid of? |
Yeah, though for that scenario |
Thanks. I think I've finally caught up to your first question.
Supposing that author knows the composed event and the target where the event was initially dispatched (i.e. If so, tweaking |
In case of a single developer that already has access to the shadow tree, hiding it indeed doesn't help. The encapsulation comes into play with libraries not aware of the shadow trees reacting to UA-dispatched events or events dispatched by libraries aware of the shadow trees. |
Could you give me an example code of the case that we are able to detect a shadow node only by |
I guess this is the point where I clarify it's not a hard guarantee and we don't intend to protect against those messing around with prototypes and such? |
Ah, I see. |
To make this more concrete, I think all that would change here is step 2.8.2 of https://dom.spec.whatwg.org/#concept-event-listener-inner-invoke from
to
(tuple above will become struct per #686 so we might want to wait on that before landing this change.) |
F2F: it's observable either way and we'd like the |
In https://chromium-review.googlesource.com/c/chromium/src/+/1177406 Yuki Yamada corrected a wpt test that now illustrates that if a listener of a node in a shadow tree runs for a composed event,
window.event
will be undefined.If this listener were to call a function that's not aware of the shadow tree, but does keep around state about the composed event, it'll learn about the existence of the shadow tree.
I think this is only observable with web developer-implemented shadow trees, not UA-implemented shadow trees, but it still seems somewhat suboptimal? Am I missing something here?
cc @whatwg/components
The text was updated successfully, but these errors were encountered: