- From: Dirk Schulze <dschulze@adobe.com>
- Date: Thu, 8 Nov 2012 14:24:28 -0800
- To: "SVG WG (public-svg-wg@w3.org)" <public-svg-wg@w3.org>, www-svg list <www-svg@w3.org>
Hi, Here are the meeting minutes of our weekly telcon from 2012-11-08: http://www.w3.org/2012/11/08-svg-minutes.html Greetings, Dirk [1]W3C [1] http://www.w3.org/ - DRAFT - SVG Working Group Teleconference 08 Nov 2012 [2]Agenda [2] http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec/0020.html See also: [3]IRC log [3] http://www.w3.org/2012/11/08-svg-irc Attendees Present [IPcaller], ed, +61.2.980.5.aaaa, nikos, Tab_Atkins, +1.415.832.aabb, krit, cabanier, Doug_Schepers Regrets Chair ed Scribe krit, TabAtkins Contents * [4]Topics * [5]Summary of Action Items __________________________________________________________ <trackbot> Date: 08 November 2012 <TabAtkins> Oh, it's UTC, not GMT, so it doesn't care about the seasonal adjustment. kk. <krit> ScribeNick krit <krit> ScribeNick: krit topic Ambiguities in fill:url() / stroke:url() syntax TabAtkins: browsers use different code paths for getting resources if it is an image or an external resource ... this is fine currently ... mask is the first property where we may define both ... so we need to find a solution how we can differ between the two kind of code paths ... talked with roc and krit and came up with a simple rule that works in most cases ... the rule is: for most css properties a URL is always an image ... fill and stroke would interprete a URL with hash as resource instead of an image by default ... this would apply to the mask property as well ... if URL has an hash, it will point to an resource, otherwise image ... we would differ on property base if the default would be an image (like background) or a resource like on fill stroke ... hopefully this does not have a lot of compat problems ... it might be diffcult on mask, where things would be interprete as image currently, which would be interpreted as resource in the future ... this is a very low risv risc TabAtkins: to force an image load you need to take an image() function ed: for opera this sounds fine ... mask would be the only property where it could cause problems TabAtkins: yes <TabAtkins> ScribeNick: TabAtkins krit: Tab asked me if there is a technical reason why I'm opposed to this behavior for mask-image. ... The problem on webkit is that we interpret as resoruce or image solely on the property basis. ... Currently on -webkit-mask-image it's only an image. ... Changing things would mean a decent bit of refactoring, which realisticaly speaking is not happening. TabAtkins: So, ignoring legacy, if we introduced a brand new property that accepted both refs and images, and used this rule to distinguish, you're saying it would be a problem? krit: Yes, becasue of the necessary refactoring in our CSS Parser. TabAtkins: Okay. If it's just a matter of lack of resources for webkit on SVG, not a problem of actual technical difficulty, I'm okay with still accepting this rule. <krit> ScribeNick: krit krit: not technical difficulty speaking of web point of view ... just implementation point of view on webkit ... the compat problems could be SVG fragments like view box ... these could still be used with image() in the future, but would be incompatible at the moment TabAtkins: right but roc fantaai and me thought it would be easier to make the rule for parsing easier ... and introduce image() instead <ed> by view box I assume you mean something like: #svgView(...) TabAtkins: with image() the user can force the parser to interpret as image ... yes, that is what i mean krit: I would like to delay the decision until looking into this more in webkit TabAtkins: If it is parser relaed, I can take a look as well krit: it is parser and structure related ed: where shold such a rule get to? krit: maybe CSS images or units and values, propably the later. But also SVG TabAtkins: units and values would be fine krit: this is just related to CSS at the moment ... what about attributes unrelated to CSS like xlink:href TabAtkins: should not effect these ed: agree, is different ... what about caching behavior ... came up on mailing list, should we consider that ... should we cache the URL once and reuse it on all the places krit: this is difficult if you have different properties ... background would be an image and mask would be a resource, this should affect caching ed: mask property links to an elmeent in an svg and a fill to the same document but different id, you could cache the same document krit: Firefox would not load a resource if it is from a different domain ... I would like to move this topic to the agenda in two weeks ed: fine for me topiuc Cross domain resources in resource documents topic Cross domain resources in resource documents <ed> [6]http://lists.w3.org/Archives/Public/www-svg/2012Oct/0025.htm l [6] http://lists.w3.org/Archives/Public/www-svg/2012Oct/0025.html krit: Boris said that FF does not load external resources from different domains, I wonder if we specify that doug: if browsers do it anyway then I am fine to follow CORS ed: what about the same domain krit: is there a problem for same domain ed: depends ... you send an image and get a ping back, so you could get some notification from other users shepazu: we should be mindful about riscs, but don't see it for ed's scenario ed: Opera does download cross domain resources but does not execute scripts krit: lets say you load an external resource which has an onLoad event, should this onload event fire? ed: for Opera the onload events won't be fired in the document that has scripting disabled krit: the same for internal resources? ... <svg><use xlink:href="doc.svg#rect"/></svg> ... <rect onload="alert();" id="rect"/> ... this does not fire on opera ed: I think this is right krit: could scripts lead to any security issues on external resources? TabAtkins: disabling should not lead to security issues ed: not sure if we had security concerns or it was made our implementation simpler (we did execute scripts in external use documents before, as required by tiny 1.2) krit: first, should external resources (corss domain), be dependent on CORS headers if they are loaded or not? ... this is the current behavior of FF ... I think we have the same rules on WebKit like FF ed: I think it makes sense to use CORS for external resources krit: I think we did not implement it that way in WebKit because of security concerns initially, but because of our handling of resources in general shepazu: and imv? s/imv/img/? krit: img is different ... we don't run scripts but declarative animations on it ... img does not contribute to hit testing ... even if I am not sure if we follow SVG spec here ... if you want hit testing use iframe, object or inline SVG ed: we just need to make sure that html:img and svg:image are allowed to download external cross domain resources krit: I had in mind to specify it explicitly for use, mask, filter, clip-path and paint servers ... not image resources resolution: use, mask, filter, clip-path and paint servers should check CORS before downloading external cross domain resources shepazu: you run into problems if you disallow JS execution on external resources krit: I don;t want to disallow more then needed. If there are no security problems, I am fine with keeping JS shepazu: SVG deployment basis would not be to bad on compat issues if we CORS scripts as well ... SVG could be more restrictive ed: I would personal like to let scripts apply the same as for HTML shepazu: Should we also restrict script to be the same origin with cors exceptions TabAtkins: sounds good for now shepazu: ed is the only one with concerns ed: we should verify that it does not break things shepazu: do you want to revisit later? ed: yes and let SVG not differ to much from HTML, that is my concern action dirk to follow up with this security model on webappsec <trackbot> Created ACTION-3399 - Follow up with this security model on webappsec [on Dirk Schulze - due 2012-11-15]. ed: would be useless if CORS jsut applies to svg:script but not on html:script elements krit: I am not only talking about script elements topic Should MAsking and Filter Effects normatively reference SVG2 krit: I am using the DOM interface model of SVG2 on both specs, because WebIDL is just supported with SVG2 ... We ahve an agreement that ne DOM interfaces should use WebIDL ... this is actualy not a big deal but means that both specs can not leave CR until SVG2 is in CR ed: why does it need to reference SVG2? krit: because the DOM interface would be incompatible with SVG1.1 and WebIDL ... this is resolved in SVG2 ... does anyone problems with that TabAtkins: fine with that ed: can leave it until it gets critical krit: any other concerns silence krit: do we need a resoultuion ed: don't think we need a resolution topic point element shepazu: defined SVGPointElement for SVG connectors ... ther might be other parts in the spec that need this point element ... I need to define how it works in connectors anyway TabAtkins: we should go ahead and lets connectors define Point element at the moment ... if we need it somewhere else, we can move it to SVG2 core krit: absolutely fine for me shepazu: would like to hear camerons opinion on that krit how far is mesh gradients and star element? Tav: waiting for feedback from Adobe cabanier: I'll look into that shepazu: nothing new on star ed: ping <ed> krit, yes? <ed> trackbot, make minutes <trackbot> Sorry, ed, I don't understand 'trackbot, make minutes'. Please refer to [7]http://www.w3.org/2005/06/tracker/irc for help. [7] http://www.w3.org/2005/06/tracker/irc Summary of Action Items [End of minutes] __________________________________________________________ Minutes formatted by David Booth's [8]scribe.perl version 1.137 ([9]CVS log) $Date: 2012/11/08 22:19:43 $ __________________________________________________________ [8] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [9] http://dev.w3.org/cvsweb/2002/scribe/ Scribe.perl diagnostic output [Delete this section before finalizing the minutes.] This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at [10]http://dev.w3.org/cvsweb/~checkout~/2002/ scribe/ [10] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/aching/caching/ Succeeded: s/krtlets/krit: lets/ Succeeded: s/ for Opera all scripts are disabled on external resources./ for Opera the onload events won't be fired in the document that has scr ipting disabled/ Succeeded: s/it was easier to implement it/it was made our implementatio n simpler (we did execute scripts in external use documents before, as r equired by tiny 1.2)/ WARNING: Bad s/// command: s/imv/img/? Succeeded: s/ed/shepazu/ Succeeded: s/ing and image/html:img and svg:image/ Succeeded: s/be/reference/ Found ScribeNick: krit Found ScribeNick: TabAtkins Found ScribeNick: krit Inferring Scribes: krit, TabAtkins Scribes: krit, TabAtkins ScribeNicks: krit, TabAtkins WARNING: No "Topic:" lines found. Default Present: [IPcaller], ed, +61.2.980.5.aaaa, nikos, Tab_Atkins, +1 .415.832.aabb, krit, cabanier, Doug_Schepers Present: [IPcaller] ed +61.2.980.5.aaaa nikos Tab_Atkins +1.415.832.aabb krit cabanier Doug_Schepers Agenda: [11]http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec /0020.html Found Date: 08 Nov 2012 Guessing minutes URL: [12]http://www.w3.org/2012/11/08-svg-minutes.html People with action items: [11] http://lists.w3.org/Archives/Public/public-svg-wg/2012OctDec/0020.html [12] http://www.w3.org/2012/11/08-svg-minutes.html WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report End of [13]scribe.perl diagnostic output] [13] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
Received on Thursday, 8 November 2012 22:25:00 UTC