W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 30 May 2013 11:09:32 +1200
Message-ID: <CAOp6jLZ6tUc+wvUYPZUs158E8XFhzxjCWTn_D0Z_FMOD9bCiyw@mail.gmail.com>
To: Dirk Schulze <dschulze@adobe.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Bjoern Hoehrmann <derhoermi@gmx.net>, "public-fx@w3.org" <public-fx@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Holbert <dholbert@mozilla.com>, Philip Rogers <pdr@google.com>
One thing I should point out is that no matter what else we do, SVG
resource loads will still have at least one hack based on the form of the
URI in a url(): URIs consisting of just a "#ref" must continue to refer to
that element in the current document's DOM, rather than the element with id
"ref" in a document loaded from the same URI as the current document using
whatever model we decide on for SVG external document loads.

Rob
-- 
q“qIqfq qyqoquq qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qyqoquq,q qwqhqaqtq
qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq qsqiqnqnqeqrqsq
qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qtqhqeqmq.q qAqnqdq qiqfq qyqoquq
qdqoq qgqoqoqdq qtqoq qtqhqoqsqeq qwqhqoq qaqrqeq qgqoqoqdq qtqoq qyqoquq,q
qwqhqaqtq qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq
qsqiqnqnqeqrqsq qdqoq qtqhqaqtq.q"
Received on Wednesday, 29 May 2013 23:10:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC