Re: Interactive Declarative Animation in <img> from Doug Schepers on 2015-03-26 (www-svg@w3.org from March 2015)

From: Doug Schepers <schepers@w3.org>
Date: Thu, 26 Mar 2015 13:49:05 -0400
To: Daniel Holbert <dholbert@mozilla.com>, David Dailey <ddailey@zoominternet.net>, 'www-svg' <www-svg@w3.org>, 'Chris Lilley' <chris@w3.org>
Message-ID: <55144691.8020803@w3.org>

Hi, Daniel–

On 3/26/15 1:27 PM, Daniel Holbert wrote:
> On 03/25/2015 10:46 PM, Doug Schepers wrote:
>> To be clear, it's not about "SMIL-events", it's any user-initiated
>> interactivity, including the navigation of links, hover effects, etc.,
>> which also includes events that trigger animations.
>>
>> I think these should be allowed for SVGs in <img>, but we have to figure
>> out what that would mean.
>
> Right, CSS hover effects are another good (non-SMIL-related) event
> interaction model here.

Yup.

> Semi-strawman suggestion: maybe we'd even want to allow mousewheel
> scrolling of overflow:scroll content?  This doesn't seem very
> "image-like", but it is in line with a "secure interactive animated mode".

Huh! I hadn't thought of that.

You mean for panning, or for zooming? Right now, we don't have a 
declarative way to bind particular event types to pan, zoom, or rotate, 
though that would be cool.

If you just mean scrolling, that should be handled by 
overflow:scroll(-x|y), right? (BTW, I don't think that would necessitate 
us sending the events to the image itself, would it? Just to the HTML 
viewport… does an <img> even establish a viewport in the same way?)

> "Navigation of links" scares me.  I think you'll agree that we shouldn't
> allow navigation to *external links* from inside an image. :) This is a
> natural extension (requirement?) of the "no external resources" rule for
> SVG-as-an-image.  We could conceivably allow navigation *to an anchor
> within the image-document*, but this would still let the image change
> its own URL, which seems to introduce undesirable complexity.

Consider 2 very common cases:

* image maps
* advertisements

You would argue that those are links outside the image itself, in the 
HTML; fair enough. But is that necessary? Does it change security or 
privacy in any way? If someone clicks on an image, such as an ad, don't 
they think they are actually interacting with the image, and not some 
invisible handler in the hosting page?

We could add spec details limiting these link interactions, if 
necessary; but since I'm not clear on the attack vector or potential 
exploit, I don't know what limits would be reasonable.

What sort of problems do you foresee?

Regards–
–Doug

Received on Thursday, 26 March 2015 17:49:25 UTC