W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 31 May 2013 14:00:36 -0400
Message-ID: <51A8E544.5020609@mit.edu>
To: Dirk Schulze <dschulze@adobe.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 5/31/13 1:51 PM, Dirk Schulze wrote:
> It is just clipPath that influences hit testing and it would not be different to anything that you can do with the overflow, display, or clip properties.

overflow/display/clip properties can't leak much data, typically, while 
arbitrary paths can (in fact in many SVG files the paths _are_ all the 
data to have).  But if clipping is restricted to paths inside 
<clipPath>, that helps a lot.  It looks like that's the case?

-Boris
Received on Friday, 31 May 2013 18:01:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC