by octalmage 3117 days ago
When you run code on a website you don’t own you have to be extremely careful. You’ll learn this quickly building WordPress themes and plugins. They’re pretty careful not to directly affect the website by running their JavaScript in a scoped context and using IDs in the CSS selectors, but there is nothing to prevent the website from modifying their pop up. For example, if my website had the .closebn class with display: none !important, a visitor would not be able to close the pop up. That’s a pretty common class name. To prevent this you should use dynamically generated class names that get swapped out at build time, or in this case even inline styles. Something like the close button of an injected pop up is pretty critical and inline styles would guarantee that it wouldn’t be messed with.

(I haven’t tested any of this, this is based on a quick glance at the code)

1 comment

This is indeed true, and IIUC using Shadow DOM would be a workable mitigation.

Btw, ignore caniuse etc - Firefox _technically_ does support Shadow DOM, just version 0, which it has apparently supported for a little while now. It's better than nothing in a pinch.

Chrome et al are at Shadow DOM v1, which is what caniuse tests its support/no-support metrics against.
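
An added example (not code from this thread or from the project under discussion) that combines the two mitigations raised above, inline styles and Shadow DOM, for an injected pop-up's close button. The names `pin` and `mountPopup`, the sample message, and the use of the Shadow DOM v1 `attachShadow` call are assumptions made for illustration.

```javascript
// Declarations the host page must not be able to override on the close control.
const CLOSE_STYLE = {
  display: 'inline-block',
  visibility: 'visible',
  'pointer-events': 'auto',
};

// The host element stays in the page's own DOM, so page CSS can still target it.
const HOST_STYLE = {
  display: 'block',
  position: 'fixed',
  top: '16px',
  right: '16px',
  'z-index': '2147483647',
};

// Write each declaration inline with !important priority. A plain inline
// declaration loses to a page rule such as `display: none !important`;
// an inline !important declaration wins over it.
function pin(el, decls) {
  for (const [prop, value] of Object.entries(decls)) {
    el.style.setProperty(prop, value, 'important');
  }
  return el;
}

function mountPopup(doc, message, onClose) {
  const host = pin(doc.createElement('div'), HOST_STYLE);
  // Page selectors do not match elements inside a shadow tree. Where
  // attachShadow is missing, fall back to the pinned inline styles alone.
  const root = typeof host.attachShadow === 'function'
    ? host.attachShadow({ mode: 'closed' })
    : host;
  const text = doc.createElement('p');
  text.textContent = message;
  // No class or id on the button: nothing like `.closebn` for page CSS to hit.
  const close = pin(doc.createElement('button'), CLOSE_STYLE);
  close.textContent = 'Close';
  close.addEventListener('click', () => {
    host.remove();
    if (onClose) onClose();
  });
  root.append(text, close);
  doc.body.appendChild(host);
  return { host, close };
}

// Runs only where a real DOM exists (a browser page).
if (typeof document !== 'undefined') mountPopup(document, 'Sample message');
```

This covers interference from page CSS only; scripts on the page can still remove or alter the host element.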