Closed mrmr1993 closed 6 years ago
dylanb
commented
7 years ago If the DOM is supposed to be an effective API for developers other than document/component authors, then closed shadow DOMs are directly harmful. I propose depreciating mode and dropping closed shadow DOMs completely.
I think this statement is too generic. Closed shadow DOM is VERY useful in masking the author from the unnecessary details of the internals of standard HTML elements but harmful otherwise.
mrmr1993
commented
7 years ago Closed shadow DOM is VERY useful in masking the author from the unnecessary details of the internals of standard HTML elements
I think the "standard" part here is important: how is any code not written by the document author supposed to deal with the myriad possible non-standard elements otherwise? The specs dictate that the standard elements should behave in the manner anyway, with or without a closed shadow DOM feature.
I'll concede an edit, regardless.
rniwa
commented
7 years ago A generic program (ie. a program that uses the DOM to interact with a document of which it has no prior knowledge) has no reliable interface with which it can interact with and/or monitor documents
What are examples of such a library / framework / program? The only concrete example people have presented so far is Google Feedback (it creates a screenshot of a Google property in JS). But any first-party feature like that could assume that everyone uses the same library or even a convention used on websites, e.g. shadowRoot is always exposed via _shadowRoot(), to implement such a feature. So the case in which components are written by the first party isn't the interesting case.
Now, let us consider the case where components are written by third party developers, or different teams within an organization with tens of thousands of developers. In this case, it's not trivial to write a code that walks across shadow trees of components written by different teams or third parties. However, this can also be a benefit. If one of those teams decide to change the internal DOM structures of a component, any JS code that relies on certain DOM structure in that component's shadow DOM would break.
In fact, this is a feature of Web Components API since the intent of Web Components API is to let developers write a custom HTML element that hides its internal structure in favor of providing a public API like any builtin HTML element. If it was so easy to travers and interact with each component's shadow tree, it would defeat the whole point of encapsulation. Instead, any generic code that walks across DOM to do some work should be treating each custom element instance like a regular builtin HTML element.
rniwa
commented
7 years ago I think the "standard" part here is important: how is any code not written by the document author supposed to deal with the myriad possible non-standard elements otherwise? The specs dictate that the standard elements should behave in the manner anyway, with or without a closed shadow DOM feature.
The same we'd deal with video elements, input elements, etc... which can be modeled as builtin elements with UA shadow roots (WebKit and Blink DO use shadow roots to implement these elements).
mrmr1993
commented
7 years ago What are examples of such a library / framework / program?
My classic examples are:
javascript: URIs)In this case, it's not trivial to write a code that walks across shadow trees of components written by different teams or third parties.
I thought this was the point of shadow DOM: to make it harder. If your (generic) program needs to support the increasing number of shadow DOM enabled documents, then it seems pretty manageable to me (unless I've missed anything):
event.path[0] instead of event.targetactiveElement from document, instead of document.activeElementshadowRoot when element an element has one, falling back to normal walking through childrenblur/focus/etc. events on each shadowRoot in event.path (to capture changes of focus within a shadow DOM)any JS code that relies on certain DOM structure in that component's shadow DOM would break.
I agree that this is undesirable. But any JS code doesn't rely on (or even know about) components and their closed shadow DOMs, but need access to them, are broken by their use in the first place. I don't think the extra (circumventable) safety warrants the (often uncircumventable) breakage for this code.
any generic code that walks across DOM to do some work should be treating each custom element instance like a regular builtin HTML element.
The same we'd deal with video elements, input elements, etc... which can be modeled as builtin elements with UA shadow roots (WebKit and Blink DO use shadow roots to implement these elements).
We know what to do with regular builtin HTML elements. The only thing we can do with custom elements we don't know about is ignore them. This is a failure of the DOM.
dylanb
commented
7 years ago @mrmr1993 I can definitely see how Vimium would need access to all shadow DOM - including standard elements. It would be easier for programs that don't require access to these internals to explicitly exclude them like axe-core is planning to do for the <marquee> element - which appears with an open shadow DOM in Chrome.
rniwa
commented
7 years ago
- browser extensions (specifically WebExtensions)
- Vimium for Chrome is a solid example that closed DOMs hurt
What's exposed to browser extensions is up to each UA vendor. So each browser vendor can totally expose a new API that forces all shadow roots to be open, for example.
- bookmarklets (ie. bookmarks with
javascript:URIs)- in-browser testing frameworks
- e.g. Selenium WebDriver
I could imagine that scripts injected by WebDriver should have access to closed shadow roots. That work could be spec'ed in WebDriver.
- generic libraries (e.g. for jQuery)
Why would generic library need to access things inside a closed shadow tree?
How could closed shadow trees cause problems for PhantomJS? Why are nodes.js and PhantomJS special with regards to closed shadow trees?
- any other accessibility, testing or automation framework that uses the DOM as its interface to the document.
Saying that some libraries and frameworks may have an issue because they need to access nodes in a closed shadow tree is a bit tautological. We need a refutable statement. Otherwise, we can keep going around in circles based on each person's opinion.
dylanb
commented
7 years ago @rniwa how many examples do you want before you admit that your a priori opinion is possibly not correct?
What is a valid argument in your opinion?
Is the Vimium example not obviously a valid example of an application? What about that application makes you think it does not require access to the shadow DOM?
Here is another example, albeit forward-looking: the Web standardization process has accepted polyfilling future functionality as a way to prove out the validity/value and appropriateness of a new extension. It is impossible to polyfill anything that would need access to all shadow DOMs if they are closed. This cannot be circumvented with user agent permissions.
matthewp
commented
7 years ago I think he did address the Vimium example; browser extensions are non-standard, the browser can allow them to access closed Shadow DOM if they want to. It's a bug to report to Chrome's extension API.
Personally I do not use closed shadow roots because I just don't care if outside code accesses it, but I can see the argument for it just fine. Let me ask you this @dylanb, does it cause problems for you that you can't access built-in element's shadow DOM? If not, then why is it a problem for custom elements?
dylanb
commented
7 years ago Example of a polyfill which will not be possible:
Implementing a CSS4 :has() polyfill will not work in all the situations, in particular in combination with the >>> combinator.
rniwa
commented
7 years ago @rniwa how many examples do you want before you admit that your a priori opinion is possibly not correct?
The number of example doesn't matter as much as the content of examples.
What is a valid argument in your opinion?
There must be a use case that can't be addressed in the presence of any closed shadow trees, which outweighs all the benefits closed shadow trees provide. But the existence of such a use case seems very unlikely at this point because:
But I welcome anyone to prove me wrong.
Is the Vimium example not obviously a valid example of an application? What about that application makes you think it does not require access to the shadow DOM?
No, because it's a browser extension. Each UA can expose whatever API to make closed shadow trees accessible to browser extensions. In fact, I've added a special API internal to Safari that enables such a feature should Safari team decide to add such a capability to its extension API. In general, browser extensions exist outside the realm of DOM and HTML standards; we don't encourage or discourage the existence of any feature or lack thereof in that space.
Here is another example, albeit forward-looking: the Web standardization process has accepted polyfilling future functionality as a way to prove out the validity/value and appropriateness of a new extension. It is impossible to polyfill anything that would need access to all shadow DOMs if they are closed. This cannot be circumvented with user agent permissions.
Example of a polyfill which will not be possible:
Implementing a CSS4 :has() polyfill will not work in all the situations, in particular in combination with the >>> combinator.
Why would a web component needs to be able to use the polyfill included outside the shadow tree? Again, if this is the first party or collaborating component, then such a component can use either a convention to expose its shadow tree (e.g. getShadowRoot() method) or call some function in the polyfill to enable it in the shadow tree.
If the component was written by a third party or is otherwise non-collaborating, then such a component is unlikely to be expecting the existence of such a polyfill. In fact, the presence of such a polyfill may break or have unintended consequences on the component depending on what the polyfill is doing. So I'd argue that the fact a polyfill doesn't spill into each component's shadow tree is a feature, not a bug, of shadow DOM.
dylanb
commented
7 years ago Are you saying that a polyfill for the CSS4 selectors is not a valid/useful thing to implement?
Are you saying that an author of a document who wants to use a CSS4 selector in combination with the >>> combinator is not a valid use case of a CSS4 selector?
dylanb
commented
7 years ago Here is a product that cannot work properly on a site that uses closed shadow DOM components that are not also standard HTML elements https://sitecues.com/
rniwa
commented
7 years ago Are you saying that a polyfill for the CSS4 selectors is not a valid/useful thing to implement?
That's not at all I'm saying. I'm pointing out that a polyfill included outside the shadow tree not spilling into a component's shadow tree is a feature, not a bug if the component was written by someone else. It avoids breaking that component even if it wasn't written to work well with the newly polyfill.
Here is a product that cannot work properly on a site that uses closed shadow DOM components that are not also standard HTML elements https://sitecues.com/
So it seems that Sitecues have two products. One for users which adds extra accessibility features to the browser, and another which adds those features on a website if the author wishes to have it.
The first product exists outside the realm of the standardization process since it's basically a browser plugin / extension. For the second product, either each component can expose extra information to the library using some API, website can annotate each component with whatever information this tool needs (this is probably the most preferable approach since we can add new builtin HTML elements, and there should be a mechanism to make it compatible with this tool), or each website can include a script synchronously at the top which overrides Element.prototype.attachShadow to provide some hooks.
But really, a well written component shouldn't need any extra work to make it possible to adjust the font size since each component should be specifying its font size using rem, em, or %.
Dictation is a bit hard to implement in a website without a component or a website cooperating for sure but then if a website contains an cross-origin iframe, it won't work across iframe boundaries so I'm not sure if adding dictation feature to a component written by a third party which contains semantically important content in its shadow tree is really a common use case.
In cases where a component is written by a third party, a tab view for example, the content semantically important to the user would be included as children of its shadow host so dictation would just work. In cases where a component is an integral part of the website, e.g. app container is a component itself, then that component can just expose whatever needed for dictation to work.
dylanb
commented
7 years ago ok, so we have two good examples then of valid applications that cannot be implemented with closed shadow DOM:
rniwa
commented
7 years ago I wouldn't say either example is "good".
The dictation can be implemented by either making websites or components collaborate. Furthermore, adding the dictation to a website that's not otherwise designed to do so is usually done at the browser level as a plugin / extension. If a website truly needed a dictation, e.g. e-book site, then that website can natively support & implement dictation as needed everywhere.
For polyfils, I don't think polyfills spilling into a component's shadow tree by default is a good idea at all because polyfills can break components that don't expect them to exist. These kind of isolations and opt-ins are precisely what shadow DOM API should provide.
rniwa
commented
7 years ago I'd note that we didn't spend a week or two thinking about these problems and come to the conclusion that the closed shadow tree is the way to go. We spent 2+ years continuously discussing amongst experienced software engineers who had been working on the Web technology over decades to reach our consensus. And this is precisely why we reached the consensus to keep mode as the mandatory option during W3C F2F meeting: because this topic is extremely contentious and either party arguing for open or closed shadow tree couldn't convince the other party.
It would take some serious thinking and groundbreaking argument or discovery on your part to convince us otherwise.
rniwa
commented
7 years ago Another thing. The canvas element might be hostile to Sitecues's dictation feature because any text drawn in the canvas can't be read by Sitecues unless it implements OCR of some sort. But we didn't remove the canvas element. We instead added enhancements to the canvas to make it more accessible so that tools like Sitecues and browser's native assertive technology could get necessary information out of a canvas element.
Similarly, if there is a specific scenario in which a closed shadow trees would break use cases, then we can make improvements to custom elements or shadow DOM API to address those use cases instead of letting them explore contents inside shadow trees manually. This approach has an added benefit of letting each component decide what's visible to tools like Sitecues.
dylanb
commented
7 years ago @rniwa I have a different proposal: how about user agents treat the built-in standard HTML elements in a special way (by closing their shadow DOM) and make all other shadow DOM open.
This would meet the original requirements of having closed shadow DOM for UA elements but solve all the problems that you are explaining away by (and I am paraphrasing your posts) essentially telling people either not to use shadow DOM, not to use closed shadow DOM (collaborate) or simply not to implement their application the way they would like to.
mrmr1993
commented
7 years ago What's exposed to browser extensions is up to each UA vendor. So each browser vendor can totally expose a new API that forces all shadow roots to be open, for example.
@rniwa If only there was a place to standardise such an API, or some action we could take to make the API unnecessary, to help reduce the burden for developers... It's also worth noting that none of the browsers (Chrome, Firefox, Edge) supporting Web Extensions have previously needed to expose any supplemental APIs for DOM access; the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.
We need a refutable statement.
I'll give you ~four~(edit:) five:
How could closed shadow trees cause problems for PhantomJS? Why are nodes.js and PhantomJS special with regards to closed shadow trees?
Scripts that use PhantomJS to interact with documents use the DOM to do so. Some developers will need to be able to read/manipulate content in shadow DOMs programmatically to make their applications work correctly with pages using them. They cannot do this without PhantomJS and node.js adding their own non-standard workarounds.
Why would generic library need to access things inside a closed shadow tree?
Suppose a library wanted to provide an easy way to attach keyboard shortcuts to a page, except when the user is entering text into an input (<input>, <textarea> <* contenteditable="true">, etc.). This library will function incorrectly (ie. interpret input-generating keypresses as keyboard shortcuts) for any pages containing an input inside a closed shadow DOM.
(Full disclosure: this is what Vimium does, but browser-wide instead of for a single document.)
matthewp
commented
7 years ago I disagree completely @mrmr1993, closed shadow DOMs just give developers the same abilities that built-in elements have. If a new built-in form element were created then Vimium wouldn't work with it either. The solution here is to define an interface to interact with form elements that is generic enough that Vimium and others don't need to special case for every element type. These are the events to listen to changes and the properties to get/set the element's underlying value. There's no reason why if my custom element (with a closed shadow) emitted those events and had the correct properties why Vimium wouldn't just work with those.
mrmr1993
commented
7 years ago does it cause problems for you that you can't access built-in element's shadow DOM? If not, then why is it a problem for custom elements
@matthewp built-in elements' behaviours and properties are comprehensive, well-defined, and easy-to-find. There are occasional limitations (e.g. setting the cursor position in an <input type="date" />), but nearly everything you might want to do with them is possible.
By contrast, custom elements need not have any useful/relevant behaviours and properties. Even when they do, code that isn't written for them has no reliable way of using them, since it can't "read the documentation".
mrmr1993
commented
7 years ago There's no reason why if my custom element (with a closed shadow) emitted those events and had the correct properties why Vimium wouldn't just work with those.
@matthewp Of course there isn't. But Vimium (or a library doing the same) is unreliable if it depends on every developer (using a shadow DOM) on every page correctly and consistently implementing the same features. This makes for awful UX.
mrmr1993
commented
7 years ago To put it another way: open shadow DOMs give a (in fact the only) reliable standard API for non-standard components; closed shadow DOMs give you nothing.
rniwa
commented
7 years ago It's also worth noting that none of the browsers (Chrome, Firefox, Edge) supporting Web Extensions have previously needed to expose any supplemental APIs for DOM access; the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.
That's absolutely untrue. Browsers already have to provide a mechanism to inject code into every cross-origin iframe's document even though the top-level document ordinarily don't have access to.
mrmr1993
commented
7 years ago the DOM has been generic, well-specified and powerful enough to read and modify the document in all the necessary ways.
That's absolutely untrue. Browsers already have to provide a mechanism to inject code into every cross-origin iframe's document even though the top-level document ordinarily don't have access to.
I think you're being a bit disingenuous. That's not an API to read or modify the document in any way. It does create an execution context with access to read or modify the document, but this is still solely via the DOM.
rniwa
commented
7 years ago We need a refutable statement.
I'll give you ~four~(edit:) five:
- With closed shadow roots, the DOM is no longer generic, well-specified and powerful enough to read and modify the document in the ways the page's scripts can as a whole.
This is demonstratively false. You can simply override Element.prototype.attachShadow to do the same. But more importantly, the whole point of shadow DOM is to provide encapsulation. Encapsulation by definition hides information of each component from the rest. This is a feature, not a bug.
- It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.
Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.
- It is a waste of developers' time and effort to each discover the limited access, request a non-standard workaround and/or work out how it should be used.
Ditto.
- The protection that the component developer is given from the document's author are illusory.
Illusory as in they can work around by overriding Element.prototype.attachShadow, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.
- (edit:) Closed shadow DOMs let any developer create arbitrary self-contained, undocumented extensions to the DOM. The average developer cannot be relied upon to do this usefully, compatibly or well.
This seems like an argument against any average developer writing any component at all. It doesn't matter whether a component uses a shadow tree or not since any component can be ill-formed. FWIW, a component can be written using a cross-origin iframe or a canvas element in which case nobody else wouldn't have access to its content even today.
mrmr1993
commented
7 years ago It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.
Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.
If useful programs can't be written to function as intended, that seems like a limitation. Especially if they could be before. Is it not a limitation that a developer can't write a keyboard shortcut library of the kind I described as above?
- The protection that the component developer is given from the document's author are illusory.
Illusory as in they can work around by overriding
Element.prototype.attachShadow, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.
This is the whole point of the closed shadow DOM though, no? Either the DOM is important for multiple contexts, in which case they may not have document awareness and need shadow DOM access to behave correctly with custom elements, or they're not, in which case they're embedded in the document, use ECMAScript and the protection is illusory.
rniwa
commented
7 years ago It is a waste of implementers' time and effort to each discover the limited access and develop a non-standard workaround.
Why is not being able to access a shadow tree's content considered a limitation and something that requires a workaround? This isn't really a refutable but rather an opinion.
If useful programs can't be written to function as intended, that seems like a limitation. Especially if they could be before. Is it not a limitation that a developer can't write a keyboard shortcut library of the kind I described as above?
Would you argue that private variables in languages like C++ and Java are limitations that prevent useful programs to be written because other code can't access those states and implement useful programs?
Or would you argue that the canvas is a limitation because it won't allow the same library to provide keyboard shortcuts into text drawn in the canvas?
- The protection that the component developer is given from the document's author are illusory.
Illusory as in they can work around by overriding
Element.prototype.attachShadow, or any other method in the same global? That is the limitation of the ECMAScript, not DOM. If ECMAScript provided a way to get a separate realm (and its own global object), or had a reliable way to get the original builtin functions, the protection would not be illusory.This is the whole point of the closed shadow DOM though, no? Either the DOM is important for multiple contexts, in which case they may not have document awareness and need shadow DOM access to behave correctly with custom elements, or they're not, in which case they're embedded in the document, use ECMAScript and the protection is illusory.
There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.
mrmr1993
commented
7 years ago Would you argue that private variables in languages like C++ and Java are limitations that prevent useful programs to be written because other code can't access those states and implement useful programs?
I would argue that a user can't interactively render a collection of private variables, nor pass it to a program, expecting it to act upon their mental model of that rendering.
Or would you argue that the canvas is a limitation because it won't allow the same library to provide keyboard shortcuts into text drawn in the canvas?
It's an image. At a facile level, if you're not using document objects to render your content, then you have nothing to do with the DOM, and the DOM has nothing to do with you. This sucks for all planned or unplanned external interactivity, but it shouldn't be a consideration for this discussion.
There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.
I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.
rniwa
commented
7 years ago There is a discussion for private states in ECMAScript on track, and we've been discussing about the fully isolated components for years now.
I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.
Well, then that same argument holds for closed shadow trees. It's not really a thing to go into some component's shadow tree and mess with it.
mrmr1993
commented
7 years ago I think the same point as for C++ and Java applies. It's not a 'thing' as far is the user is concerned. Go wild.
Well, then that same argument holds for closed shadow trees.
Hardly. The DOM is always meaningful, since it represents the user interface/user-facing content in a standardised way. If you give me a DOM (and the relevant styles, admittedly), I can tell you what it represents and do useful things with it. Not so with arbitrary internal private states -- their representation is only meaningful in the context of that specific program.
It's not really a thing to go into some component's shadow tree and mess with it.
I think you may have misinterpreted me: I meant that ECMAScript internal state isn't a virtual object in the mind of the user. DOM elements certainly are. Nonetheless, this is patently false; programs already do this. That you don't like it doesn't make it not a 'thing'.
The thing that's made the web so powerful up until now is the DOM. Search engines rely on the DOM. Libraries rely on the DOM. Extensions rely on the DOM. Accessibility programs rely on the DOM. People have been able to re-use huge amounts of code because the underlying objects are all the same, and all accessible.
This all dies when your documents are full of opaque <main-content>s and <autocomplete-input>s and mine are full of <article-body>s and <filter-dropdown>s. Or worse, 'empty' <div>s. The objects in the DOM can't reliably convey any meaning to cross-document programs, unless they learn to read the developers' minds. This ruins the web.
I'll quote my example from above here, in the hopes that you have a response to it:
Suppose a library wanted to provide an easy way to attach keyboard shortcuts to a page, except when the user is entering text into an input (
<input>,<textarea><* contenteditable="true">, etc.). This library will function incorrectly (ie. interpret input-generating keypresses as keyboard shortcuts) for any pages containing an input inside a closed shadow DOM.
BronislavKlucka
commented
7 years ago Hi,
you are missing the point, /closed/ mode is not wrongly introduced because you cannot mess with the internals, it was created precisely for this purpose: so you cannot mess with the internals. You are looking at this issue with very narrow perspective of very few use cases, completely ignoring the pain of web apps developers they have been dealing with for decades: the global DOM space, where everything could affect everything. The common way, how desktop apps are developed is that you have/buy RAD with e.g. 20 components and through out the years you write/purchase/download hundreds of others and the beauty is, that those are self contained black boxes that always works together regardless of any kind of combination of any number of component from any number of developers (exceptions being possible class naming collisions and unique resources access). The second beauty of this simply is the fact, that developers who are using those components are informed "you can touch this, this is fixed and you cannot rely on that, that is internal and can change with every minor release". If you chose to somehow rely on internals and it breaks, it's your fault, not authors.
If you ever tried to combine even 2 web/js component libraries together? pain... and then upgrade one... Yes /closed/ mode is something new and strange but something web platforms needs to become fully fledged application run time (yes, we could somehow do this before... you can walk to Rome, but I assume air plain or car is much better solution).
You are arguing that
"
This all dies when your documents are full of opaque | Instead of refusing several years of discussions, the way to solve this
is come up with set of attributes that would be useful to
expose/describe, the same way WAI-ARIA works to describe authored
controls. Do you want to be informed about the fact that control is
editable?
"
Suppose a library wanted to provide an easy way to attach keyboard
shortcuts to a page, except when the user is entering text into an input
(||, ||s.
"
but you are effectively describing the issue you/we had for decades:
"opaque 'empty' ||s", applications build by divs and spans, filled
by another ||divs and spans generated via XMLHTTPRequest... same diff
for you (no officially described semantics what so ever), huge
difference for those who write/maintain such projects.
Alternative title: DOM does not reliably model document objects with closed shadow DOMs.
A generic program (ie. a program that uses the DOM to interact with a document of which it has no prior knowledge) has no reliable interface with which it can interact with and/or monitor documents. In particular:
keydown,keyupandclickevents, and so cannot predict behaviour in response to user input or its own simulated input.Selection.toString) or modified (except by the non-standardSelection.modify)Closed shadow DOMs may (or may not) be fine for document authors, who make the decision to use code including them. However, their existence and use makes the DOM an unreliable API for programs, libraries, etc. that are made to act upon a document by the user or document author.
If the DOM is supposed to be an effective API for developers other than document/component authors, then closed shadow DOMs are directly harmful (edit:) to all these developers. I propose depreciating
modeand dropping closed shadow DOMs completely.This issue generalises #354, all examples there also apply to here. (/cc @dylanb in case you're still interested).