[security-request] Issue: CSS Cascading and Inheritance Levels 4 and 5 2021-09-17 > 2021-10-31 (#15) marked as REVIEW REQUESTED

fantasai has just labeled an issue for https://github.com/w3c/security-request as "REVIEW REQUESTED":

== CSS Cascading and Inheritance Levels 4 and 5 2021-09-17 > 2021-10-31 ==
- CSS Cascading and Inheritance Levels 4 and 5
- https://www.w3.org/TR/css-cascade-4/
- https://www.w3.org/TR/css-cascade-5/
- Note: Cascade 5 is a superset of Cascade 4, so we're sending the review requests together. See https://www.w3.org/TR/css-cascade-5/#additions-l4

- Hope to transition to CR by the end of October, ideally.
- Previous [review request](https://lists.w3.org/Archives/Public/public-web-security/2020Sep/0001.html) was against [Level 3 (now REC)](https://www.w3.org/TR/css-cascade-3/)
- See [Privacy and Security Considerations section](https://www.w3.org/TR/css-cascade-5/#priv-sec)
- Please file any issues in https://github.com/w3c/csswg-drafts/issues
- Explainer for Cascade 5's new “cascade layers” feature: see [minutes from Jen Simmons's presentation](https://lists.w3.org/Archives/Public/www-style/2020Feb/0009.html) 

Other comments:

As far as we can tell, the new features to Cascade since Level 3 do not affect security in any way; they just provide more sophisticated ways for authors to organize their style rules.

There is an [open issue](https://github.com/w3c/csswg-drafts/issues/4838) against the [@import chapter](https://www.w3.org/TR/css-cascade-5/#at-import) to get @import fetches properly defined against the [[FETCH]] model, so that cross-origin issues, etc., are well-defined. We are attempting to fix this, but the Fetch spec is still somewhat troublesome to author against, and there are few examples of correct usage (even the HTML spec is still broken in this respect). We anticipate this will be fixed in a future CR publication, before requesting advancement to REC, and welcome any help in getting it right.

Please let us know how long to wait for your review, and let us know if you complete review without finding any issues.

See https://github.com/w3c/security-request/issues/15


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 18 September 2021 01:08:10 UTC