- From: Karl Dubost via GitHub <noreply@w3.org>
- Date: Tue, 18 Nov 2025 00:58:54 +0000
- To: public-svg-issues@w3.org
karlcow has just labeled an issue for https://github.com/w3c/svgwg as "Agenda+": == Clarify <iframe> behavior in <svg:use> == https://www.w3.org/TR/SVG2/struct.html#UseShadowTree: > Within a [use-element shadow tree](https://www.w3.org/TR/SVG2/struct.html#TermUseElementShadowTree), ‘[script](https://www.w3.org/TR/SVG2/interact.html#ScriptElement)’ elements are inert (do not execute); ‘[audio](https://www.w3.org/TR/SVG2/embedded.html#HTMLElements)’ and ‘[video](https://www.w3.org/TR/SVG2/embedded.html#HTMLElements)’ elements are subject to the limitations specified in the [Multimedia](https://www.w3.org/TR/SVG2/struct.html#UseMultimedia) section. > > > Previous versions of SVG restricted the contents of the shadow tree to SVG graphics elements. This specification allows any valid SVG document subtree to be cloned. Cloning non-graphical content, however, will not usually have any visible effect. Ok, so `<script>` is inert. But `<iframe>` isn't, which means I can load an `<iframe>` and execute script. That seems fairly weird. Is it intended? If not, what should the behavior of `<iframe>` inside `<svg:use>` be? See https://github.com/w3c/svgwg/issues/876 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 18 November 2025 00:58:55 UTC