- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Thu, 29 Jan 2009 17:51:15 +0000
- To: Doug Schepers <schepers@w3.org>, Boris Zbarsky <bzbarsky@mit.edu>
- Cc: public-webapps <public-webapps@w3.org>
Hi Doug, On Thu, Jan 29, 2009 at 5:28 PM, Doug Schepers <schepers@w3.org> wrote: > Hi, Marcos- > > Marcos Caceres wrote (on 1/29/09 7:53 AM): >> >> On Wed, Jan 28, 2009 at 6:59 PM, Doug Schepers <schepers@w3.org> wrote: >> >>> I think that rather than specifying a particular spec or profile, the >>> Widgets spec should instead reference a feature set that is appropriate >>> for use as a icon. >> >> Ok, we want to keep this as the authoring level as to not force >> implementations to have to ship with stripped down SVG renderers. > > I'm not sure I agree. I think for security reasons, we should tell > implementors how to treat SVG icons (no script, no interactivity). They > won't have to strip down the SVG viewer, just set up constraints (which > they need to do anyway). Ok, I tend to agree with you that this may be what needs to happen. However, I think this was what Boris was saying we should try to avoid. Boris, any thoughts? comments? >>> My recommendation is that you include normative references not only to >>> SVG Tiny 1.1, but also SVG Full 1.1 (which is largely implemented in >>> desktop browsers, and probably has the most current implementations), >>> and SVG Tiny 1.2 (which is the most recent SVG Rec, and is deployed most >>> widely on mobiles). > ... >>> particular needs and use cases, but in the meantime, I think the best >>> thing would be to outline what capabilities should and should not be >>> allowed for presenting an SVG icon. Specifically, static image >>> rendering must (or should) be required, but for security reasons, no >>> script and no interaction (not even linking) should be allowed; however, >>> declarative animation should be allowed, so that authors can provide >>> animated icons (assuming the UA supports it... right now, FF doesn't, >>> but should soon). It is rather more questionable whether video or audio >>> should be allowed, or things like HTML embedded in <foreignObject> >>> (which seems okay to me). > ... >>> the Widgets spec should describe these constraints explicitly (if >>> briefly), referencing these featurestrings: > ... >>> If you would like me to work up proposed spec text, I could oblige you. >> >> That would be great! The relevant sections are: >> http://dev.w3.org/2006/waf/widgets/#dependencies-on-other-specifications-and-file-formats >> http://dev.w3.org/2006/waf/widgets/#custom-icons-and-default-icons > > Okay, give me a practical deadline that is after next week. No probs. I'll ping you in a week. -- Marcos Caceres http://datadriven.com.au
Received on Thursday, 29 January 2009 17:51:53 UTC