Re: [filter-effects][css-masking] Move security model for resources to CSP

On Sat, Apr 6, 2013 at 10:02 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Anne van Kesteren wrote:
>>That sounds fucked up. Deciding the fetching policy based on the
>>presence of a fragment identifier in the URL is a severe layering
>>violation. What if we introduce a fragment identifier to crop an
>>image?
>
> http://www.w3.org/TR/css3-images/#image-notation proposes a `image(...)`
> functional notation that can be used where `url(...)` does not suffice,
> and SVG 1.0 and http://www.w3.org/TR/media-frags/ already provide such
> functionality, which can be used in combination with `image(...)`. I've
> http://lists.w3.org/Archives/Public/www-style/2013Mar/0190.html argued
> that there should be an example using `image(...)` in the masking draft
> to avoid this particular confusion.

Even so that would still mean CSS will have this fragment identifier
presence determines processing behavior bug. Clearly a new syntax
should have been used for masks, e.g. mask(url)...


--
http://annevankesteren.nl/

Received on Monday, 8 April 2013 14:29:31 UTC