Re: img issue: should we restrict the URI

On Mon, 28 Jan 2008 06:10:52 +0100, Jeff Schiller <>  
> In my opinion, I really think that these things should be considered
> within the context of the HTML WG since we are trying to define the
> expected behavior of the UA when encountering the html:img element
> (not the UA behavior when it encounters the svg:image element, which
> does not impose all these restrictions).

I thought the same thing was applicable to svg:image. Anyway, you didn't  
elaborate would be the right place given that the CSS properties  
'background-image', 'content', 'list-style-image', etc. will all do pretty  
much the same.

> Another question:  If the SVG file links to another external resource
> (for example, another SVG file), is this allowed when SVG is included
> via HTML's <img>?  What about external CSS, rasters?   What about
> foreignObject?  What does Opera do today?  Allow external references
> but script-neuter those external SVGs too?  Sorry for all the
> questions on this - yes, I should test this myself, just curious if
> any experts know already...

External resources are allowed. Scripts are obviously disabled there too.  
Any reference will mark the image as "unsafe" for <canvas> purposes if I  
remember correctly.

Anne van Kesteren

Received on Monday, 28 January 2008 10:29:57 UTC