
Re: SVG <glyph> element spec

From: Stephen Chenney <schenney@chromium.org>
Date: Fri, 21 Dec 2012 08:04:02 -0500
Message-ID: <CAObCcUrekp6BUGXi71PbKpa1o2om14iRL1BoM3Asi4NXV2z+GQ@mail.gmail.com>
To: Tavmjong Bah <tavmjong@free.fr>
Cc: Dirk Schulze <dschulze@adobe.com>, David Dailey <ddailey@zoominternet.net>, Erik Dahlstrom <ed@opera.com>, "www-svg@w3.org" <www-svg@w3.org>
On Fri, Dec 21, 2012 at 7:47 AM, Tavmjong Bah <tavmjong@free.fr> wrote:

> On Thu, 2012-12-20 at 08:02 -0800, Dirk Schulze wrote:
> > On Dec 20, 2012, at 2:45 AM, "David Dailey" <ddailey@zoominternet.net> wrote:
> >
> > > The Adobe ASV viewer supports arbitrary content inside <glyph>. Please
> > > let me know if a proposal to drop support for colors and other non-path
> > > content inside <glyph> gains traction. Emoji contain color as a semantic
> > > aspect of Unicode definitions of characters, and as those who saw our
> > > presentation in Boston about geometric accessibility, accessibility to
> > > special textual effects is permanently impaired if SVG is crippled in this
> > > way.
> > >
> > > It will be a good opportunity for me to learn to file formal
> > > objections through the W3C process, and I will be certain to do so!
> >
> > Is there a recording of the presentation? Or do you have a link to the
> > documentation? This sounds like you are addressing pure visual aspects of
> > styling.
> >
> > For WebKit we decided not to support arbitrary shapes because of
> > different security considerations.
>
> I am curious to know what security consideration there would be to
> arbitrary shapes as compared to paths.
>
> Tav


It's not shapes that are a problem, it's arbitrary content. For example,
SVGImage or foreign object are allowed by the spec as written, and those
may link to external resources. Same, to a lesser extent, for <use>
elements or anything with a href. Loading external resources has security
implications, particularly when fonts themselves are frequently external
resources.

Stephen.
Received on Friday, 21 December 2012 13:04:32 GMT
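
An added example, not part of the original message and not any browser's code: a Python check that walks an SVG font and reports content inside <glyph> of the kinds the message names (foreignObject, and image, use or any other element whose href points outside the document). The sample font, the function names and the rule that only `#fragment` references count as local are assumptions of this example.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
GLYPH_TAGS = {"glyph", "missing-glyph"}

# Constructed sample: an SVG font whose glyphs mix plain outlines with other content.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><font id="f" horiz-adv-x="1000">
    <glyph id="a" unicode="a" d="M0 0L100 0L50 100Z"/>
    <glyph id="b" unicode="b"><image xlink:href="https://fonts.example/b.png" width="10" height="10"/></glyph>
    <glyph id="c" unicode="c"><use xlink:href="#shape"/></glyph>
    <glyph id="d" unicode="d"><foreignObject width="10" height="10"/></glyph>
    <glyph id="e" unicode="e"><use xlink:href="other.svg#shape"/><circle r="5"/></glyph>
  </font></defs>
</svg>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def is_external(href):
    # Assumption of this example: only same-document '#id' references are local.
    href = href.strip()
    return bool(href) and not href.startswith("#")

def audit_glyphs(svg_text):
    """Return (glyph id, element name, reason) for risky content inside glyphs."""
    findings = []
    # ElementTree does not fetch external entities or DTDs while parsing.
    root = ET.fromstring(svg_text)
    for glyph in root.iter():
        if local(glyph.tag) not in GLYPH_TAGS:
            continue
        gid = glyph.get("id") or glyph.get("unicode") or "?"
        for el in glyph.iter():
            if el is glyph:
                continue
            name = local(el.tag)
            href = el.get(XLINK_HREF) or el.get("href")
            if name == "foreignObject":
                findings.append((gid, name, "foreign content"))
            elif href is not None and is_external(href):
                findings.append((gid, name, "external reference: " + href))
    return findings

if __name__ == "__main__":
    for finding in audit_glyphs(SAMPLE):
        print(finding)
```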
