UA shadow roots should not be leaked via debugger APIs |
||
Issue descriptionSee the followings for the context: - https://bugs.chromium.org/p/chromium/issues/detail?id=666246#c47 I would like to make sure whether it is intentional or not to leak UA shadow roots via debugger APIs. If leaking only happens via chrome extension APIs, it might be okay because a chrome extension is not *Web*. A victim is only a user who installs an extension. However, the current Blink's assumption is "UA shadow roots are never leaked to JavaScript". Thus, we might want to disallow leaking UA shadow root in any way.
,
Dec 11 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||
►
Sign in to add a comment |
||
Comment 1 by hayato@chromium.org
, Dec 5 2016