- From: Emilio Cobos Álvarez via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Nov 2019 22:49:42 +0000
- To: public-css-archive@w3.org
> This makes me wonder whether there would be extra complexity to handle cycle involving both attr and var. Maybe not a difficulty spec-wise, but the implementation may need some refactor. Yeah, I'd prefer to avoid this if possible. > How does the sanitizer work against CSS variable? Or it doesn't matter? I don't think it matters. If you're allowing CSS variables means that you're allowing `<style>` elements / `style` attributes, and then you may as well set `background-image` directly (without a variable). The interesting case here is where you disallow styles, but end up injecting styles anyway due to an `attr()` function. -- GitHub Notification of comment by emilio Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4482#issuecomment-555752621 using your GitHub account
Received on Tuesday, 19 November 2019 22:50:53 UTC