W3C home > Mailing lists > Public > public-css-archive@w3.org > May 2017

Re: [csswg-drafts] [css-contain] Security/Privacy considerations of css-contain misuse?

From: Alan Stearns via GitHub <sysbot+gh@w3.org>
Date: Mon, 15 May 2017 18:56:22 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-301570406-1494874581-sysbot+gh@w3.org>
I don't think it would be useful to have a boilerplate "CSS can be misused" mention. The security section should either have the boilerplate "no new things here" or call out new specifics.

I think there might be some new things in css-contain with regards to security. Style containment gives people a new way to alter displayed counters. Size containment is a new way of creating overflow. Paint is a new way of clipping. Are any of these capabilities security concerns? 

Perhaps we should have a list of CSS capabilities that do raise security concerns, and note when a draft creates a new way of invoking a capability.

GitHub Notification of comment by astearns
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1376#issuecomment-301570406 using your GitHub account
Received on Monday, 15 May 2017 18:56:28 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 10:12:53 UTC