Meeting minutes, 2012-11-08

Hi,

Here are the meeting minutes of our weekly telcon from 2012-11-08: http://www.w3.org/2012/11/08-svg-minutes.html

Greetings,
Dirk

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                    SVG Working Group Teleconference

08 Nov 2012

   [2]Agenda

      [2] http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec/0020.html

   See also: [3]IRC log

      [3] http://www.w3.org/2012/11/08-svg-irc

Attendees

   Present
          [IPcaller], ed, +61.2.980.5.aaaa, nikos, Tab_Atkins,
          +1.415.832.aabb, krit, cabanier, Doug_Schepers

   Regrets
   Chair
          ed

   Scribe
          krit, TabAtkins

Contents

     * [4]Topics
     * [5]Summary of Action Items
     __________________________________________________________

   <trackbot> Date: 08 November 2012

   <TabAtkins> Oh, it's UTC, not GMT, so it doesn't care about the
   seasonal adjustment. kk.

   <krit> ScribeNick krit

   <krit> ScribeNick: krit

   topic Ambiguities in fill:url() / stroke:url() syntax

   TabAtkins: browsers use different code paths for getting
   resources if it is an image or an external resource
   ... this is fine currently
   ... mask is the first property where we may define both
   ... so we need to find a solution how we can differ between the
   two kind of code paths
   ... talked with roc and krit and came up with a simple rule
   that works in most cases
   ... the rule is: for most css properties a URL is always an
   image
   ... fill and stroke would interprete a URL with hash as
   resource instead of an image by default
   ... this would apply to the mask property as well
   ... if URL has an hash, it will point to an resource, otherwise
   image
   ... we would differ on property base if the default would be an
   image (like background) or a resource like on fill stroke
   ... hopefully this does not have a lot of compat problems
   ... it might be diffcult on mask, where things would be
   interprete as image currently, which would be interpreted as
   resource in the future
   ... this is a very low risv

   risc

   TabAtkins: to force an image load you need to take an image()
   function

   ed: for opera this sounds fine
   ... mask would be the only property where it could cause
   problems

   TabAtkins: yes

   <TabAtkins> ScribeNick: TabAtkins

   krit: Tab asked me if there is a technical reason why I'm
   opposed to this behavior for mask-image.
   ... The problem on webkit is that we interpret as resoruce or
   image solely on the property basis.
   ... Currently on -webkit-mask-image it's only an image.
   ... Changing things would mean a decent bit of refactoring,
   which realisticaly speaking is not happening.

   TabAtkins: So, ignoring legacy, if we introduced a brand new
   property that accepted both refs and images, and used this rule
   to distinguish, you're saying it would be a problem?

   krit: Yes, becasue of the necessary refactoring in our CSS
   Parser.

   TabAtkins: Okay. If it's just a matter of lack of resources for
   webkit on SVG, not a problem of actual technical difficulty,
   I'm okay with still accepting this rule.

   <krit> ScribeNick: krit

   krit: not technical difficulty speaking of web point of view
   ... just implementation point of view on webkit
   ... the compat problems could be SVG fragments like view box
   ... these could still be used with image() in the future, but
   would be incompatible at the moment

   TabAtkins: right but roc fantaai and me thought it would be
   easier to make the rule for parsing easier
   ... and introduce image() instead

   <ed> by view box I assume you mean something like:
   #svgView(...)

   TabAtkins: with image() the user can force the parser to
   interpret as image
   ... yes, that is what i mean

   krit: I would like to delay the decision until looking into
   this more in webkit

   TabAtkins: If it is parser relaed, I can take a look as well

   krit: it is parser and structure related

   ed: where shold such a rule get to?

   krit: maybe CSS images or units and values, propably the later.
   But also SVG

   TabAtkins: units and values would be fine

   krit: this is just related to CSS at the moment
   ... what about attributes unrelated to CSS like xlink:href

   TabAtkins: should not effect these

   ed: agree, is different
   ... what about caching behavior
   ... came up on mailing list, should we consider that
   ... should we cache the URL once and reuse it on all the places

   krit: this is difficult if you have different properties
   ... background would be an image and mask would be a resource,
   this should affect caching

   ed: mask property links to an elmeent in an svg and a fill to
   the same document but different id, you could cache the same
   document

   krit: Firefox would not load a resource if it is from a
   different domain
   ... I would like to move this topic to the agenda in two weeks

   ed: fine for me

   topiuc Cross domain resources in resource documents

   topic Cross domain resources in resource documents

   <ed>
   [6]http://lists.w3.org/Archives/Public/www-svg/2012Oct/0025.htm
   l

      [6] http://lists.w3.org/Archives/Public/www-svg/2012Oct/0025.html

   krit: Boris said that FF does not load external resources from
   different domains, I wonder if we specify that

   doug: if browsers do it anyway then I am fine to follow CORS

   ed: what about the same domain

   krit: is there a problem for same domain

   ed: depends
   ... you send an image and get a ping back, so you could get
   some notification from other users

   shepazu: we should be mindful about riscs, but don't see it for
   ed's scenario

   ed: Opera does download cross domain resources but does not
   execute scripts

   krit: lets say you load an external resource which has an
   onLoad event, should this onload event fire?

   ed: for Opera the onload events won't be fired in the document
   that has scripting disabled

   krit: the same for internal resources?
   ... <svg><use xlink:href="doc.svg#rect"/></svg>
   ... <rect onload="alert();" id="rect"/>
   ... this does not fire on opera

   ed: I think this is right

   krit: could scripts lead to any security issues on external
   resources?

   TabAtkins: disabling should not lead to security issues

   ed: not sure if we had security concerns or it was made our
   implementation simpler (we did execute scripts in external use
   documents before, as required by tiny 1.2)

   krit: first, should external resources (corss domain), be
   dependent on CORS headers if they are loaded or not?
   ... this is the current behavior of FF
   ... I think we have the same rules on WebKit like FF

   ed: I think it makes sense to use CORS for external resources

   krit: I think we did not implement it that way in WebKit
   because of security concerns initially, but because of our
   handling of resources in general

   shepazu: and imv?

   s/imv/img/?

   krit: img is different
   ... we don't run scripts but declarative animations on it
   ... img does not contribute to hit testing
   ... even if I am not sure if we follow SVG spec here
   ... if you want hit testing use iframe, object or inline SVG

   ed: we just need to make sure that html:img and svg:image are
   allowed to download external cross domain resources

   krit: I had in mind to specify it explicitly for use, mask,
   filter, clip-path and paint servers
   ... not image resources

   resolution: use, mask, filter, clip-path and paint servers
   should check CORS before downloading external cross domain
   resources

   shepazu: you run into problems if you disallow JS execution on
   external resources

   krit: I don;t want to disallow more then needed. If there are
   no security problems, I am fine with keeping JS

   shepazu: SVG deployment basis would not be to bad on compat
   issues if we CORS scripts as well
   ... SVG could be more restrictive

   ed: I would personal like to let scripts apply the same as for
   HTML

   shepazu: Should we also restrict script to be the same origin
   with cors exceptions

   TabAtkins: sounds good for now

   shepazu: ed is the only one with concerns

   ed: we should verify that it does not break things

   shepazu: do you want to revisit later?

   ed: yes and let SVG not differ to much from HTML, that is my
   concern

   action dirk to follow up with this security model on webappsec

   <trackbot> Created ACTION-3399 - Follow up with this security
   model on webappsec [on Dirk Schulze - due 2012-11-15].

   ed: would be useless if CORS jsut applies to svg:script but not
   on html:script elements

   krit: I am not only talking about script elements

   topic Should MAsking and Filter Effects normatively reference
   SVG2

   krit: I am using the DOM interface model of SVG2 on both specs,
   because WebIDL is just supported with SVG2
   ... We ahve an agreement that ne DOM interfaces should use
   WebIDL
   ... this is actualy not a big deal but means that both specs
   can not leave CR until SVG2 is in CR

   ed: why does it need to reference SVG2?

   krit: because the DOM interface would be incompatible with
   SVG1.1 and WebIDL
   ... this is resolved in SVG2
   ... does anyone problems with that

   TabAtkins: fine with that

   ed: can leave it until it gets critical

   krit: any other concerns

   silence

   krit: do we need a resoultuion

   ed: don't think we need a resolution

   topic point element

   shepazu: defined SVGPointElement for SVG connectors
   ... ther might be other parts in the spec that need this point
   element
   ... I need to define how it works in connectors anyway

   TabAtkins: we should go ahead and lets connectors define Point
   element at the moment
   ... if we need it somewhere else, we can move it to SVG2 core

   krit: absolutely fine for me

   shepazu: would like to hear camerons opinion on that

   krit how far is mesh gradients and star element?

   Tav: waiting for feedback from Adobe

   cabanier: I'll look into that

   shepazu: nothing new on star

   ed: ping

   <ed> krit, yes?

   <ed> trackbot, make minutes

   <trackbot> Sorry, ed, I don't understand 'trackbot, make
   minutes'. Please refer to
   [7]http://www.w3.org/2005/06/tracker/irc for help.

      [7] http://www.w3.org/2005/06/tracker/irc

Summary of Action Items

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [8]scribe.perl version
    1.137 ([9]CVS log)
    $Date: 2012/11/08 22:19:43 $
     __________________________________________________________

      [8] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
      [9] http://dev.w3.org/cvsweb/2002/scribe/

Scribe.perl diagnostic output

   [Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.137  of Date: 2012/09/20 20:19:01
Check for newer version at [10]http://dev.w3.org/cvsweb/~checkout~/2002/
scribe/

     [10] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/aching/caching/
Succeeded: s/krtlets/krit: lets/
Succeeded: s/ for Opera all scripts are disabled on external resources./
 for Opera the onload events won't be fired in the document that has scr
ipting disabled/
Succeeded: s/it was easier to implement it/it was made our implementatio
n simpler (we did execute scripts in external use documents before, as r
equired by tiny 1.2)/
WARNING: Bad s/// command: s/imv/img/?
Succeeded: s/ed/shepazu/
Succeeded: s/ing and image/html:img and svg:image/
Succeeded: s/be/reference/
Found ScribeNick: krit
Found ScribeNick: TabAtkins
Found ScribeNick: krit
Inferring Scribes: krit, TabAtkins
Scribes: krit, TabAtkins
ScribeNicks: krit, TabAtkins

WARNING: No "Topic:" lines found.

Default Present: [IPcaller], ed, +61.2.980.5.aaaa, nikos, Tab_Atkins, +1
.415.832.aabb, krit, cabanier, Doug_Schepers
Present: [IPcaller] ed +61.2.980.5.aaaa nikos Tab_Atkins +1.415.832.aabb
 krit cabanier Doug_Schepers
Agenda: [11]http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec
/0020.html
Found Date: 08 Nov 2012
Guessing minutes URL: [12]http://www.w3.org/2012/11/08-svg-minutes.html
People with action items:

     [11] http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec/0020.html
     [12] http://www.w3.org/2012/11/08-svg-minutes.html

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report



   End of [13]scribe.perl diagnostic output]

     [13] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm

Received on Thursday, 8 November 2012 22:24:55 UTC