[filter-effects][css-masking] Move security model for resources to CSP

Hi,

CSS Masking [1] and Filter Effects [2] describe a security model for loading filter/masking/clipping resources from different origins. Speaking with some browser vendors it looks like these kind of security issues should be handled by the Content Security Policy (CSP) spec [3].

I would like to have the input of the FXTF and the Web Application Security working group about removing these sections (subsections) from the two specs and work closely together with the Web Application Security working group to get this specified in a general manner. This will be from interest for SVG2 as well.

Greetings,
Dirk

[1] https://dvcs.w3.org/hg/FXTF/raw-file/tip/masking/index.html#origin-restrictions
[2] https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/index.html#origin-restrictions
[3] http://www.w3.org/TR/CSP/

Received on Friday, 5 April 2013 05:58:30 UTC