Re: [css-color][filter-effects] (was: Re: [filter-effects] Tainted filter primitives)

On Tue Dec 24 2013 at 11:55:47 AM, Dirk Schulze <dschulze@adobe.com> wrote:

> I really wish to have currentColor behave in a way that it does not reveal
> any secured information.
>
> If we do not find an agreement, a way to limit the security restriction
> further would be to the following:
>
> For feFlood and feDropShadow: If the value for the ‘flood-color’ property
> computes to ‘inherit’ or ‘currentColor’ the feFlood filter primitive must
> be marked as tainted.
>
> For fe*Lighting: If the value for the ‘lighting-color’ property computes
> to ‘inherit’ or ‘currentColor’ the feFlood filter primitive must be marked
> as tainted.
>

'inherit' disappears by computed-value time - it's processed into the value
it represents at specified-value time.  <
http://dev.w3.org/csswg/css-cascade/#inherit>

Note that "flood-color: inherit;" doesn't expose anything, anyway - it
resolves to the value of 'flood-color' on the <feFlood>'s parent. It has no
connection to the graphics element that uses the filter containing an
<feFlood> element.

~TJ

Received on Thursday, 26 December 2013 22:46:00 UTC