- From: Luca Versari <notifications@github.com>
- Date: Thu, 13 May 2021 01:16:11 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 13 May 2021 08:16:24 UTC
I asked @hober, and the point that we'd want to discuss is the following (taken from an email from @annevk): > [...] This is the first new format with a new signature > that I know of so ideally we use this opportunity to not further > increase the bad security behavior of the past. As written there I > think at minimum we should require a MIME type in the img element > processing model (similar to SVG) and at best we would also require > CORS (similar to module scripts). Also, a freely-accessible, if somewhat outdated specification link is available at https://arxiv.org/abs/1908.03565. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/633#issuecomment-840400139
Received on Thursday, 13 May 2021 08:16:24 UTC