- From: Eric Portis via GitHub <sysbot+gh@w3.org>
- Date: Thu, 15 Feb 2024 14:55:34 +0000
- To: public-css-archive@w3.org
I suppose I am more absolute, because it makes the security model of the web 1) stronger 2) easier to reason about. Web developers and users don't have to worry about this entire class of security problems if the platform can take care of it for them. My take is more like "cross origin reads of any kind should have never been allowed, and we certainly shouldn't open up new ones." Intrinsic sizing being exposed was, in hindsight, a mistake, and there are [active efforts to fix it](https://github.com/annevk/orb/issues/3) (although this is a very hard thing to do in a web compatible manner). In your foot-gunning metaphor, I wouldn't say I'm for "annihilating the floor", but I am for comprehensive gun control, and wish we'd had it thirty years ago. -- GitHub Notification of comment by eeeps Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-1946261227 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 15 February 2024 14:55:36 UTC