[csswg-drafts] [css-images-4] object-* properties and the iframe element (#7143) from Tab Atkins Jr. via GitHub on 2022-03-15 (public-css-archive@w3.org from March 2022)

From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
Date: Tue, 15 Mar 2022 20:40:03 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-1170226786-1647376802-sysbot+gh@w3.org>

tabatkins has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-images-4] object-* properties and the iframe element ==
Internal google security review of [the object-overflow property](https://drafts.csswg.org/css-images-4/#the-object-overflow) led them to ask about how this works on iframes; the reviewers were concerned about the possibility of iframes drawing outside of their bounds when object-view-box or object-fit caused them to be larger than the content box of the element.

This seems like a very reasonable concern to me, and I think the use-case for iframes drawing outside their bounds is of minimal usefulness (especially compared to the intended use-case, images). I propose that we require `iframe { object-overflow: clip !important; }` in the UA stylesheet.

It's possible we should restrict *all* the object-* properties to their initial values on iframes, as a cautionary measure. Do others have thoughts on this?

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/7143 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 15 March 2022 20:40:04 UTC