W3C home > Mailing lists > Public > public-css-archive@w3.org > June 2020

Re: [csswg-drafts] [css-images] image-orientation:none violates same-origin policy (#5165)

From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
Date: Fri, 05 Jun 2020 09:43:11 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-639373551-1591350190-sysbot+gh@w3.org>
> If we do have to prevent `image-orientation` from working on images that came from opaque responses, it would be nice if we could unconditionally apply the orientation (and I guess pretend from the [whatwg/html#5603](https://github.com/whatwg/html/pull/5603) APIs that there was no orientation metadata), so that we can try to treat orientation as an implementation detail of the image file representation. But that would make it tricky for authors wanting to use `image-orientation: none` to turn off the new re-orientation effects for their pages that rely on it not being applied.

I think that's a better approach... the threat comes from the "overriding" feature, not from the implementation detail of using EXIF. An image format may similarly have an internal representation of orientation/resolution supported internally in the decoder - would that also be limited to same-origin/CORS images?

EXIF is not the issue here - it's the mixing of image-originated data and markup-originated data, which is something that currently occurs only for naturalWidth/naturalHeight.
If we want to take a more generic approach - I think it should tackle those blurred boundaries between content and markup.

GitHub Notification of comment by noamr
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-639373551 using your GitHub account
Received on Friday, 5 June 2020 09:43:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:09 UTC