[svgwg] Clarify <iframe> behavior in <svg:use> (#876) from Emilio Cobos Álvarez via GitHub on 2022-02-25 (public-svg-issues@w3.org from February 2022)

From: Emilio Cobos Álvarez via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Feb 2022 19:50:56 +0000
To: public-svg-issues@w3.org
Message-ID: <issues.opened-1150809716-1645818654-sysbot+gh@w3.org>

emilio has just created a new issue for https://github.com/w3c/svgwg:

== Clarify <iframe> behavior in <svg:use> ==
https://www.w3.org/TR/SVG2/struct.html#UseShadowTree:

> Within a [use-element shadow tree](https://www.w3.org/TR/SVG2/struct.html#TermUseElementShadowTree), ‘[script](https://www.w3.org/TR/SVG2/interact.html#ScriptElement)’ elements are inert (do not execute); ‘[audio](https://www.w3.org/TR/SVG2/embedded.html#HTMLElements)’ and ‘[video](https://www.w3.org/TR/SVG2/embedded.html#HTMLElements)’ elements are subject to the limitations specified in the [Multimedia](https://www.w3.org/TR/SVG2/struct.html#UseMultimedia) section.
>
> > Previous versions of SVG restricted the contents of the shadow tree to SVG graphics elements. This specification allows any valid SVG document subtree to be cloned. Cloning non-graphical content, however, will not usually have any visible effect.

Ok, so `<script>` is inert. But `<iframe>` isn't, which means I can load an `<iframe>` and execute script. That seems fairly weird. Is it intended? If not, what should the behavior of `<iframe>` inside `<svg:use>` be?

Please view or discuss this issue at https://github.com/w3c/svgwg/issues/876 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 25 February 2022 20:00:36 UTC