Re: [csswg-drafts] [mediaqueries-5] Script control of (prefers-*) queries (#6517) from Tab Atkins Jr. via GitHub on 2022-06-17 (public-css-archive@w3.org from June 2022)

From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
Date: Fri, 17 Jun 2022 21:55:55 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-1159255330-1655502954-sysbot+gh@w3.org>

Yeah, we can't introduce a new communication channel to cross-origin iframes, so the preference can't trickle down *everywhere*. It def should go down origins that can communicate, tho.

But #7213 does bring up the point that SVG-as-image can't run script *or* load external resources, so it shouldn't be able to exfiltrate any information. Whatever we do, we should match there.

-- 
GitHub Notification of comment by tabatkins
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/6517#issuecomment-1159255330 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 17 June 2022 21:55:57 UTC