Re: SVG as Widget Icon

Marcos Caceres wrote:
> Hi Doug,
> 
> On Thu, Jan 29, 2009 at 5:28 PM, Doug Schepers <schepers@w3.org> wrote:
>> Hi, Marcos-
>>
>> Marcos Caceres wrote (on 1/29/09 7:53 AM):
>>> On Wed, Jan 28, 2009 at 6:59 PM, Doug Schepers <schepers@w3.org> wrote:
>>>
>>>> I think that rather than specifying a particular spec or profile, the
>>>> Widgets spec should instead reference a feature set that is appropriate
>>>> for use as a icon.
>>> Ok, we want to keep this as the authoring level as to not force
>>> implementations to have to ship with stripped down SVG renderers.
>> I'm not sure I agree.  I think for security reasons, we should tell
>> implementors how to treat SVG icons (no script, no interactivity).  They
>> won't have to strip down the SVG viewer, just set up constraints (which
>> they need to do anyway).
> 
> Ok, I tend to agree with you that this may be what needs to happen.
> However, I think this was what Boris was saying we should try to
> avoid. Boris, any thoughts? comments?

Disabling features for security reasons is something that I'm all for. 
I've always had a funny feeling that that <svg:use> guy is up to no 
good! We should disable him promptly! ;)

Seriously though. Disabling scripting is something we should definitely 
do. We haven't yet added support to gecko to truly treat SVG as images, 
i.e. you can't point an <img> or a css background on an SVG image. But 
once we do implement that, we plan on running it in a mode where all 
forms of scripting is disabled. We should recommend, or require, that 
this happens for for the icon as well.

This is however very different from running it in a context where sets 
of elements are disabled to match closer the SVG Tiny 1.2 specification.

/ Jonas

Received on Thursday, 29 January 2009 21:30:19 UTC