W3C home > Mailing lists > Public > public-css-archive@w3.org > October 2020

Re: [csswg-drafts] [CSS-COLOR-4] Security/Privacy: Incognito mode (#5553)

From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
Date: Fri, 09 Oct 2020 16:27:23 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-706278583-1602260842-sysbot+gh@w3.org>
> I don't believe we do that for other colors.

Note that they said "actual value", which is the final value stage and will forever be hidden from pages; "actual value" also deals with things like subpixel rounding, which would offer similar privacy issues if they were exposed.

> @tabatkins any further thoughts on the used vale of color()? Used values also impact currentColor, right?

I agree with you that both the computed and used values of a `color()` function should just be the input value; `color(--foo "deeppink")` should stay in that form in both computed and used values. We will be offering color conversion tools in Houdini, which I expect will let you get a color like that converted into whatever other space you want, so it's not like the information will be hidden from the page; again tho, that's not a privacy concern beyond the cached-identifier thing, as it's just reflecting the contents of a file the page already included. It will not contain any information about the actual output-device gamut.

GitHub Notification of comment by tabatkins
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5553#issuecomment-706278583 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 9 October 2020 16:27:25 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:20 UTC