W3C home > Mailing lists > Public > www-style@w3.org > June 2013

Re: [css-shapes] restricting <uri> in shape-outside to CORS-same-origin?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 8 Jun 2013 07:09:32 +0100
Message-ID: <CADnb78j-GZbpxwGHLuBt13bfreKOCLSoMPatY-C7EKx=USK+xw@mail.gmail.com>
To: Alan Stearns <stearns@adobe.com>
Cc: W3C Style <www-style@w3.org>
On Fri, Jun 7, 2013 at 11:39 AM, Alan Stearns <stearns@adobe.com> wrote:
> Would it be sufficient to change the definition to this?
>
> ---
> If the <uri> references an image
> which is CORS-same-origin,
> the shape is extracted and computed
> based on the alpha channel of the
> specified image. If the <uri> does
> not reference an image or if it
> references an image which is not
> CORS-same-origin, the effect
> is as if the value Œauto¹ had been
> specified.
> ---
>
> I'm assuming I would link CORS-same-origin to
> http://fetch.spec.whatwg.org/#cors-same-origin

This looks like a great start and defines reasonably clearly what to
do with all types of responses you might get back (we might change
"CORS-same-origin" to a clearer term).

It does not define what policy you use for fetching the resource.
Currently most everything uses tainted cross-origin, <img>,
background-image, etc. CSS should probably define a general fetching
policy that states a default and then you need to decide whether you
want to deviate from that for certain properties (e.g. for this
property only CORS makes sense) or if you want a generic mechanism
that is the same for all <url> types.


--
http://annevankesteren.nl/
Received on Saturday, 8 June 2013 06:09:59 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 8 June 2013 06:09:59 UTC