Intent to Extend Origin Trial: Declarative Shadow DOM

57 views

Skip to first unread message

Mason Freed

unread,

Jan 14, 2021, 5:37:33 PM1/14/21

to blink-dev

Hello,

I'd like to request another extension to the Declarative Shadow DOM Origin Trial, through M89. The prior trial was through M88. Our partners need additional time to roll out new versions of their components, and are only getting started with testing in the next few weeks (hopefully).

API spec

Yes

Design docs

https://github.com/mfreed7/declarative-shadow-dom/blob/master/README.md

Summary

A declarative API to allow the creation of #shadowroot's using only HTML and no Javascript. Sign up for an Origin Trial (M85-M89) here: https://developers.chrome.com/origintrials/#/register_trial/2024368032503037953 Blog post: https://web.dev/declarative-shadow-dom/

Blink component

Blink>DOM>ShadowDOM

Search tags

Shadow DOM, Declarative

TAG review

https://github.com/w3ctag/design-reviews/issues/494

TAG review status

Issues addressed

Risks

Interoperability and Compatibility

The main interoperability risk would be that other browsers fail to implement this API. This feature is quite polyfillable, so it should still be usable while other implementations are being completed.

Gecko: Non-harmful (https://github.com/mozilla/standards-positions/issues/335#issuecomment-668875898) Some concern that the feature "doesn't carry its weight", but Firefox considers this API non-harmful.

Edge: No signal

WebKit: No signal (https://lists.webkit.org/pipermail/webkit-dev/2020-August/031331.html) Some comments, no conclusions

Web developers: Positive See many comments from developers on the prior thread resolving *not* to move forward with declarative Shadow DOM. Most are positive and want a solution to this problem. Start after this comment: https://github.com/whatwg/dom/issues/510#issuecomment-370980398

Ergonomics

Much thought has been given to the ergonomics of this API. A more ergonomic alternative, that of a new <shadowroot> element, would create significant web compat problems for browsers that do not yet support the new element. The biggest risk of the current proposal is that it does not *also* solve the declarative adoptedStylesheets problem. That is, to include stylesheets within declarative shadowroots, inline <style> elements must be used. That isn't as large of a penalty as it would seem, but it is a stumbling block. See https://github.com/whatwg/dom/issues/831#issuecomment-585451735, point #3 for more discussion of this issue.

Activation

This feature is rather polyfillable - see https://github.com/mfreed7/declarative-shadow-dom/blob/master/README.md#feature-detection-and-polyfilling. However, any such polyfill would require Javascript to work, and the primary motivation for this feature is no-JS SSR. However, for sites that want to use Web Components and Shadow DOM, it would seem that such a polyfill could be written in a way that does not impact performance for browsers that have implemented this proposal, and does no worse for browsers that have not yet supported this API.

Security

The prior implementation of <template> caused significant parser security issues. While this proposal attempts to re-use as much as possible of the existing <template> implementation, there are a few required changes. It is possible that those changes introduce new security holes. Additionally, the existing implementation of <template> could also still contain undiscovered security problems. There is a specific concern that has been identified for existing (non-upgraded, old) XSS sanitizer libraries. This concern has been mitigated by creating an opt-in mechanism for the fragment parser. There is an extensive discussion of this issue in the explainer (https://github.com/mfreed7/declarative-shadow-dom/blob/master/README.md#security-and-privacy-considerations) and in the #912 issue thread (https://github.com/whatwg/dom/issues/912).

Goals for experimentation

- Ergonomics of the API, etc. - Common use cases. In particular, I'm curious how often the Shadow DOM content for a given Custom Element is identically the same across a page, vs. slightly different from instance to instance. - Speed, bugs, etc.

Experimental timeline

M85-M89

Reason this experiment is being extended

Origin trial partners are taking longer than expected getting up and running, due to other external priorities and circumstances. They are expected to start very soon, but we need at least another milestone. Prior I2E thread: https://groups.google.com/a/chromium.org/d/msg/blink-dev/DuvhXyYo7Pc/_zcDVQmCAAAJ Prior Extension request thread: https://groups.google.com/a/chromium.org/g/blink-dev/c/_yZ54YV5Gis/m/0Dcw3Jt6AAAJ

Ongoing technical constraints

None

Debuggability

Since this is a parser-only feature, parsed DOM content will contain only "normal" #shadowroot nodes. Devtools already fully supports Shadow DOM, and all of those existing tools will continue to apply to this new method of declaratively creating Shadow DOM.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes

Is this feature fully tested by web-platform-tests?

Yes

Tracking bug

https://crbug.com/1042130

Launch bug

https://crbug.com/1141102

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5191745052606464

Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msg/blink-dev/nJDc-1s3R9U/uCJKsEqpAwAJ
Intent to Experiment: https://groups.google.com/a/chromium.org/d/msg/blink-dev/DuvhXyYo7Pc/_zcDVQmCAAAJ

This intent message was generated by Chrome Platform Status.

Yoav Weiss