Re: [csswg-drafts] [css-color-4] Security: handling of color-profiles (#5552) from jsalowey via GitHub on 2020-10-12 (public-css-archive@w3.org from October 2020)

From: jsalowey via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Oct 2020 04:52:34 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-706858176-1602478353-sysbot+gh@w3.org>

Adding this to the list of resources to address for CORS and CSP sound like a good idea.  Much better to handle this generically.  

There will be some added attack surface exposed by the processing of the color profiles, however the file format does not have potentially dangerous functionality such as scripting.    It would be a good to review and fuzz  implementations that handle this format, but I'm not sure that is something that goes in this spec.  

-- 
GitHub Notification of comment by jsalowey
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5552#issuecomment-706858176 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 12 October 2020 04:52:36 UTC