W3C home > Mailing lists > Public > www-svg@w3.org > December 2005

SVGT 1.2: XML events handlers attached to elements from other documents

From: Maciej Stachowiak <mjs@apple.com>
Date: Wed, 28 Dec 2005 04:00:16 -0700
Message-Id: <0D905ACF-66D9-4263-8464-3BB579885CF7@apple.com>
To: www-svg@w3c.org

"2.  IRIREFs instead of IDREFs: the observer, handler and target  
attributes from XML Events are currently IDREFs. Since SVG 1.2  
requires a  declarative syntax for event handling in more than one  
document, it uses IRIREFs for those attributes, with the following  
restriction: only documents that are declaratively referenced as part  
of the current document, via the use and animation elements, can be  
referred to. Referring to any other arbitrary external document is  
unsupported and User Agents must ignore such references."

Declarative attachment of event handlers to external documents is a  
potential security risk if it is allowed on documents that come from  
different domains. It also seems to add significant complexity. I  
suggest removing this capability. It can still be done through  
scripting, and the proper security model will be applied.

Also it seems inappropriate to take attributes and elements from  
namespaces defined by other specs and change their meaning. What if a  
UA wants to implement both XML Events as specified and SVG 1.2 Tiny?  
Therefore, if the changed meaning of these attributes is kept, they  
should be either renamed or put in another namespace.

Finally, "handler" takes a URI, not an IDREF, in XML Events.

Received on Wednesday, 28 December 2005 11:00:47 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 March 2017 09:47:05 UTC