- From: Matt Garrish <notifications@github.com>
- Date: Tue, 25 May 2021 05:58:20 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/635/847846571@github.com>
In addition to what Ivan has already mentioned, using data URLs to embed resources doesn't appear problematic, but allowing data URLs to be referenced from `a` elements has the same security risks in EPUB that have been raised for browsers (i.e., phishing). In other words, we want to disallow data URLs from opening a "top-level browsing context", except when explicitly requested by a user (e.g., to open an image in a new window), but aren't completely sure how best to say this since it seems to only be handled in bug trackers right now. For reference, see: - https://groups.google.com/a/chromium.org/g/blink-dev/c/GbVcuwg_QjM - https://bugzilla.mozilla.org/show_bug.cgi?id=1331351 So, in the absence of more formal guidance (which we'd prefer to reference), does the following make sense: > Reading Systems MUST prevent data URLs [RFC2397] from opening in top-level browsing contexts [HTML], except when initiated through a Reading System affordance such as a context menu. If a Reading System does not use a top-level browsing context for Top-level Content Documents, it MUST also prevent data URLs from opening as though they are Top-level Content Documents. Or do you have any suggestions on how we can improve this wording? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/635#issuecomment-847846571
Received on Tuesday, 25 May 2021 12:58:32 UTC