- From: arturjanc via GitHub <sysbot+gh@w3.org>
- Date: Tue, 15 Nov 2022 17:54:49 +0000
- To: public-css-archive@w3.org
A script by definition has full same-origin access to the data in the origin of the application which executes the script. A stylesheet, while still quite powerful, is much more limited in the data it can access. When we increase the capabilities of CSS, we need to take into account how these capabilities will affect existing websites -- this is where concerns around the effect on content passed through CSS sanitizers or the potential for Content Security Policy bypasses come in. Limiting `value()` to data explicitly marked as readable by stylesheets seems like a reasonable possible solution to explore here. -- GitHub Notification of comment by arturjanc Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/7869#issuecomment-1315672628 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 15 November 2022 17:54:51 UTC