Re: [w3ctag/design-reviews] Find the best terminology to restrict the usage of data urls (#635)

Hey @hadleybeeman!

I'll try to summarize, but I also cc @mattgarrish @dauwhe and @bduga, who have a deeper knowledge of what is happening. The relevant part in the specification is https://w3c.github.io/epub-specs/epub33/rs/#confreq-rs-data-urls.

In EPUB jargon, a Reading System is, from the point of view of what we are discussing, like a browser, insofar as one of its main tasks is to render either HTML or (standalone) SVG documents; these documents provide the reader with the pages of the books. These documents, referred to as "Top Level Content Documents", can be thought of as being, say, the chapters of a large book (and the metadata provided in the EPUB instance tells the Reading System in which order these files should be displayed). Of course, these pages, which are HTML pages, can link to other resources, some in the EPUB instance and some somewhere on the Web.

The security-related issue is how to handle data URLs. One approach is to universally disallow them; however, this might make some genuine use cases impossible (e.g., SVG content is embedded in the HTML or CSS file as a data URI). Hence the approach taken in the spec is to disallow them as, say, an `href` value in an `<a>` element, but allow them in, e.g., a CSS file. The question was how to turn this into spec-text.

We realized that browsers have similar restrictions, and the EPUB spec is keen not to reinvent a wheel, or even a terminology, when possible. However, we did not find any normative statement in other specs that applies to this situation. We did put the text into the current draft, but we are not sure whether that is the proper reference/terminology. Hence the request for TAG help...

Some further references:

- original issue: https://github.com/w3c/epub-specs/issues/1564
- PR that resulted in what is in the spec right now: https://github.com/w3c/epub-specs/pull/1582
- Minutes of the WG call that led to the merge of the PR: https://www.w3.org/publishing/groups/epub-wg/Meetings/Minutes/2021-03-26-epub#section2

I hope this helps...

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/635#issuecomment-847813995

Received on Tuesday, 25 May 2021 12:09:18 UTC
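
The distinction described in the message above (a data URL as the `href` of an `<a>` element is disallowed, while data URLs used for embedded resources remain permitted) can be checked at authoring time. The following is an added example, not part of the original message or of the EPUB specification; the names `is_data_url`, `DataUrlLinter` and `lint` are hypothetical, only `a[href]` is treated as disallowed because that is the one context the message names, and the sample document is constructed.

```python
from html.parser import HTMLParser

# Assumption: only the context named in the message is modelled as disallowed.
NAVIGATION_ATTRS = {("a", "href")}
C0_OR_SPACE = "".join(map(chr, range(0x21)))  # U+0000..U+0020

def is_data_url(value):
    """True if a URL parser would read the data: scheme from this value."""
    # URL parsing strips leading/trailing C0 controls and spaces, drops ASCII
    # tab/newline anywhere, and treats the scheme case-insensitively, so a
    # naive startswith("data:") check misses these spellings.
    cleaned = value.strip(C0_OR_SPACE)
    for ch in "\t\n\r":
        cleaned = cleaned.replace(ch, "")
    return cleaned[:5].lower() == "data:"

class DataUrlLinter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []    # (line, tag, attr): data URL in a disallowed context
        self.other_uses = []  # (line, tag, attr): data URL elsewhere, not flagged

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if value is None or not is_data_url(value):
                continue
            hit = (line, tag, name)
            if (tag, name) in NAVIGATION_ATTRS:
                self.findings.append(hit)
            else:
                self.other_uses.append(hit)

def lint(document):
    linter = DataUrlLinter()
    linter.feed(document)
    linter.close()
    return linter.findings, linter.other_uses

# Constructed sample content document.
SAMPLE = """<html><body>
<a href="data:text/html,hello">one</a>
<a href="  DaTa:text/html,hello">two</a>
<a href="da\tta:text/html,hello">three</a>
<a href="chapter2.xhtml">four</a>
<img src="data:image/svg+xml,%3Csvg%3E%3C/svg%3E" alt="">
<p style="background:url(data:image/png;base64,AAAA)">five</p>
</body></html>"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```
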