W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Dirk Schulze <dschulze@adobe.com>
Date: Fri, 31 May 2013 10:51:52 -0700
To: Boris Zbarsky <bzbarsky@mit.edu>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <E1464B62-E18C-4A0B-91EB-70C7F5A7BC21@adobe.com>

On May 31, 2013, at 10:46 AM, "Boris Zbarsky" <bzbarsky@mit.edu> wrote:

> On 5/31/13 1:22 PM, Dirk Schulze wrote:
>> For <use>, there could indeed be data stored in elements that in theory can be read. This problem might be solveable with the redesign for <use> in the future. Means we would need special treatments for <use> for now :/.
> 
> Though note that masks and clips might have similar issues because you 
> can hit-test to read information out of them.

It is just clipPath that influences hit testing and it would not be different to anything that you can do with the overflow, display, or clip properties.

Greetings,
Dirk

> 
> -Boris
Received on Friday, 31 May 2013 17:52:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC