Re: SVG image security restrictions

Oops, sent too early.

We could add a new image-loading mechanism that lets authors opt into
allowing SVG images to load external resources. However, that may make it
too easy for authors to accidentally enable the above scenarios.

A better idea might be to provide a way to pass in resources as parameters,
including from a CSS style sheet. This might even perform better if you
have a lot of SVG images using the same resources. Sketch:
  background-image: url-with-params("image.svg", "shared-resources.svg");
In the SVG:
  <rect fill="param(1#pattern)">
You'd require everything in url-with-params to be same-origin.

Rob
-- 
lbir ye,ea yer.tnietoehr  rdn rdsme,anea lurpr  edna e hnysnenh hhe uresyf
toD
selthor  stor  edna  siewaoeodm  or v sstvr  esBa  kbvted,t
rdsme,aoreseoouoto
o l euetiuruewFa  kbn e hnystoivateweh uresyf tulsa rehr  rdm  or rnea
lurpr
.a war hsrer holsa rodvted,t  nenh hneireseoouot.tniesiewaoeivatewt sstvr
esn

Received on Tuesday, 15 September 2015 00:05:00 UTC