W3C home > Mailing lists > Public > www-svg@w3.org > December 2012

Re: SVG <glyph> element spec

From: Jeremie Patonnier <jeremie.patonnier@gmail.com>
Date: Fri, 21 Dec 2012 14:16:29 +0100
Message-ID: <CAEi838nMXL54G_7uE_dfZrwBcS4KJYTkn-dOZw+ssEwFqFE2og@mail.gmail.com>
To: Tavmjong Bah <tavmjong@free.fr>
Cc: Dirk Schulze <dschulze@adobe.com>, David Dailey <ddailey@zoominternet.net>, Erik Dahlstrom <ed@opera.com>, "www-svg@w3.org" <www-svg@w3.org>

2012/12/21 Tavmjong Bah <tavmjong@free.fr>

> On Thu, 2012-12-20 at 08:02 -0800, Dirk Schulze wrote:
> > For WebKit we decided not to support arbitrary shapes because of
> different security considerations.
> I am curious to know what security consideration there would be to
> arbitrary shapes as compared to paths.
> Tav

I guess it should be the usual : <script> and <foreignObject> (that could
be explicitly forbidden) and all external ressources load through
xlink:href attributes (which can be forbidden as well or restrict through
the same origin policy). I think it's maybe what's missing in the spec.

Web : http://jeremie.patonnier.net
Twitter : @JeremiePat <http://twitter.com/JeremiePat>
Received on Friday, 21 December 2012 13:18:12 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 March 2017 09:47:30 UTC