Re: [filter-effects][css-masking] Move security model for resources to CSP from Robert O'Callahan on 2013-05-29 (public-webappsec@w3.org from May 2013)

From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 30 May 2013 11:23:08 +1200
To: Dirk Schulze <dschulze@adobe.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Bjoern Hoehrmann <derhoermi@gmx.net>, "public-fx@w3.org" <public-fx@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Daniel Holbert <dholbert@mozilla.com>, Philip Rogers <pdr@google.com>
Message-ID: <CAOp6jLbGqJW2QUN6+RfkSCcuB8x8E5vepw4cyHrmmSjRd5zPSA@mail.gmail.com>

On Thu, May 30, 2013 at 11:09 AM, Robert O'Callahan <robert@ocallahan.org>wrote:

> One thing I should point out is that no matter what else we do, SVG
> resource loads will still have at least one hack based on the form of the
> URI in a url(): URIs consisting of just a "#ref" must continue to refer to
> that element in the current document's DOM, rather than the element with id
> "ref" in a document loaded from the same URI as the current document using
> whatever model we decide on for SVG external document loads.
>

Though at least this matches (roughly) what HTML anchor navigation does.

Rob
-- 
q“qIqfq qyqoquq qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qyqoquq,q qwqhqaqtq
qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq qsqiqnqnqeqrqsq
qlqoqvqeq qtqhqoqsqeq qwqhqoq qlqoqvqeq qtqhqeqmq.q qAqnqdq qiqfq qyqoquq
qdqoq qgqoqoqdq qtqoq qtqhqoqsqeq qwqhqoq qaqrqeq qgqoqoqdq qtqoq qyqoquq,q
qwqhqaqtq qcqrqeqdqiqtq qiqsq qtqhqaqtq qtqoq qyqoquq?q qEqvqeqnq
qsqiqnqnqeqrqsq qdqoq qtqhqaqtq.q"

Received on Wednesday, 29 May 2013 23:23:40 UTC