Someday the behavior of native app "SDKs" will come in for similar review. I can't wait.https://twitter.com/JuliaAngwin/status/975764173190762500 …
Sadly, we don't have a real way to isolate custom elements from the main document. The best we have are iframes.
-
-
That's my concern, iframes are a big pain to communicate with (+dimensions etc), but WC need to be fully trusted not to leak data as they run on the origin. CSP helps but seems to remain too advanced a tool for most of the web. Typical easy vs safe tradeoff…
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The only sandbox a custom element would really get is shadow dom to protect style leaking. Is the shadow dom concept doable with script isolation like with styles?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.