Security scopes #2
Comments
|
Is there a need for explicit scopes mix? |
scope definitionIs a subset of DWA descriptor. Perhaps is identical? |
|
The scope is a candidate for |
HistorySince very beginning of HTML the scopes been extensively used Glossary
|
domain and subdomain scopein similar fashion as cookies. If Domain is specified, then subdomains are always included. |
|
the scope in DCE POC is limited to DCE root as associated data |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some DCE would act as "mediator" and pipe the content transparently with a little adjustment of content. Whether it is an UX activities analytics, localization, or accessibility decorator application author needs a level of control what particular DCE instance/html include/html module has access to and able to change. The reasons would vary. From security( why accessibility layer should track user activities?) to insulation of apps from different domains( why give app keys access to foreign domain).
What would
scopecontrol?baseURIto resolve references to dependent resources*own importmaps to resolve non-relative and non-absolute URIs
nonetofullwhich matches no insulation as in usual STYLE tag to shadowDOM.scope presets
In addition to
noneandanonymousthe scopes can be defined and named by context owner.Using the scope of same name defines the concept of library - a related set of components which share same configuration and insulation layers.
scope inheritance
Since scopes are working within context, it's hierarchy is applied for scopes. But on the outer(owner) level the inner scopes can be redefined and passed through.
For example, Bootstrap CSS library can be named on page level as
bootstrap-cssand components which use or override its rules would havescope="bootstrap-css".The text was updated successfully, but these errors were encountered: