W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 30 May 2013 11:23:08 +1200
Message-ID: <CAOp6jLbGqJW2QUN6+RfkSCcuB8x8E5vepw4cyHrmmSjRd5zPSA@mail.gmail.com>
To: Dirk Schulze <dschulze@adobe.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Bjoern Hoehrmann <derhoermi@gmx.net>, "public-fx@w3.org" <public-fx@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Holbert <dholbert@mozilla.com>, Philip Rogers <pdr@google.com>
On Thu, May 30, 2013 at 11:09 AM, Robert O'Callahan <robert@ocallahan.org>wrote:

> One thing I should point out is that no matter what else we do, SVG
> resource loads will still have at least one hack based on the form of the
> URI in a url(): URIs consisting of just a "#ref" must continue to refer to
> that element in the current document's DOM, rather than the element with id
> "ref" in a document loaded from the same URI as the current document using
> whatever model we decide on for SVG external document loads.
>

Though at least this matches (roughly) what HTML anchor navigation does.

Rob
-- 
q“qIqfq qyqoquq qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qyqoquq,q qwqhqaqtq
qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq qsqiqnqnqeqrqsq
qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qtqhqeqmq.q qAqnqdq qiqfq qyqoquq
qdqoq qgqoqoqdq qtqoq qtqhqoqsqeq qwqhqoq qaqrqeq qgqoqoqdq qtqoq qyqoquq,q
qwqhqaqtq qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq
qsqiqnqnqeqrqsq qdqoq qtqhqaqtq.q"
Received on Wednesday, 29 May 2013 23:23:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC