New issue on

GitHub project “design-reviews”

W3C TAG: Review different cross-domain import mechanisms and their security models

on (ttk.me b/53v1) using BBEdit

During #TC39 73 I’ve learned about ES Modules Attributes being proposed to address security concerns when importing JSON modules: ES Module Attributes. Filing this design issue for the TAG to more broadly consider various web-based cross-domain import mechanisms like HTML Modules (334), CSS Modules (405), and ES Modules. Specifically I request the TAG analyze and provide clarity on the exact security model or models and hopefully some degree of consistency and explicit architectural design across these mechanisms.

See the following related issues and efforts:

From a web author, developer, publisher perspective, a more consistent and understandable security model across these would help with easier understanding and better chance of conveying author intent. Thanks for your consideration!