Re: [filter-effects][css-masking] Move security model for resources to CSP

On Thu, May 30, 2013 at 3:32 PM, Dirk Schulze <dschulze@adobe.com> wrote:
> As far as I know CSS stylesheets do not follow strict cross origin restrictions. Why would SVG resources need to do it?

Note that not having those restrictions has led to various serious
security issues over the years. If we can make these fetches always
use the CORS mode that should be done.


--
http://annevankesteren.nl/

Received on Saturday, 1 June 2013 07:53:05 UTC