- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Tue, 15 Sep 2015 11:49:36 +1200
- To: "public-fx@w3.org" <public-fx@w3.org>, www-style <www-style@w3.org>
- Message-ID: <CAOp6jLZ2fPVJ_Y6SM4sPpKZ5o6C0fOmkX8CAtpFBaq7-SK6Svw@mail.gmail.com>
I don't understand the minutes very well, but heycam says authors want SVG images that can load external resources for sharing purposes, i.e., the "animated mode" from here: https://svgwg.org/specs/integration/#animated-mode We don't support that mode currently because it can lead to surprising, privacy-harming behavior for Web sites that allow third-party image uploads and have open redirectors. Example 1) Web site allows users to upload images of products for sale. 2) Web site also has some kind of open redirect functionality, i.e. some (maybe totally unrelated) service that accepts URLs containing a URL for another site, and causes a load to occur of the the contained URL, often by issuing an HTTP redirect to that URL. These are common. 3) Malicious user uploads an SVG image containing an external reference with a URL for the open redirector, redirecting to the user's own site. 4) Now whenever someone views the malicious user's image, the malicious user is notified, contrary to the privacy expectations of the site's users and operators. The more general problem is that there's an expectation that image files are self-contained and cannot trigger loads. "Animated mode" SVG images would violate that expectation. We could try to address the open redirect scenario by restricting HTTP redirects for loads performed by SVG images, but I'm not confident that restricting HTTP redirects is even enough. For example, what if the Web site has a service that loads arbitrary third party URLs in an IFRAME? Or some kind of auto-image-upload service that takes a URL? Even if we somehow gain confidence that we've blocked all avenues for exploitation, we'd have made the Web platform even more complicated with additional failure modes. Rob -- lbir ye,ea yer.tnietoehr rdn rdsme,anea lurpr edna e hnysnenh hhe uresyf toD selthor stor edna siewaoeodm or v sstvr esBa kbvted,t rdsme,aoreseoouoto o l euetiuruewFa kbn e hnystoivateweh uresyf tulsa rehr rdm or rnea lurpr .a war hsrer holsa rodvted,t nenh hneireseoouot.tniesiewaoeivatewt sstvr esn
Received on Monday, 14 September 2015 23:50:12 UTC