W3C home > Mailing lists > Public > public-css-archive@w3.org > October 2020

Re: [csswg-drafts] [css-color-4] Security: handling of color-profiles (#5552)

From: jsalowey via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Oct 2020 04:52:34 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-706858176-1602478353-sysbot+gh@w3.org>
Adding this to the list of resources to address for CORS and CSP sound like a good idea.  Much better to handle this generically.  

There will be some added attack surface exposed by the processing of the color profiles, however the file format does not have potentially dangerous functionality such as scripting.    It would be a good to review and fuzz  implementations that handle this format, but I'm not sure that is something that goes in this spec.  

-- 
GitHub Notification of comment by jsalowey
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5552#issuecomment-706858176 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 12 October 2020 04:52:36 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:20 UTC