W3C home > Mailing lists > Public > public-fx@w3.org > April to June 2013

[filter-effects][css-masking] Move security model for resources to CSP

From: Dirk Schulze <dschulze@adobe.com>
Date: Thu, 4 Apr 2013 22:58:01 -0700
To: "public-fx@w3.org" <public-fx@w3.org>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <2E1B5D9A-2CDC-49F6-8F5F-C7E6762D7513@adobe.com>
Hi,

CSS Masking [1] and Filter Effects [2] describe a security model for loading filter/masking/clipping resources from different origins. Speaking with some browser vendors it looks like these kind of security issues should be handled by the Content Security Policy (CSP) spec [3].

I would like to have the input of the FXTF and the Web Application Security working group about removing these sections (subsections) from the two specs and work closely together with the Web Application Security working group to get this specified in a general manner. This will be from interest for SVG2 as well.

Greetings,
Dirk

[1] https://dvcs.w3.org/hg/FXTF/raw-file/tip/masking/index.html#origin-restrictions
[2] https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/index.html#origin-restrictions
[3] http://www.w3.org/TR/CSP/
Received on Friday, 5 April 2013 05:58:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 5 April 2013 05:58:30 UTC