W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: [filter-effects][css-masking] Move security model for resources to CSP

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 31 May 2013 14:00:36 -0400
Message-ID: <51A8E544.5020609@mit.edu>
To: Dirk Schulze <dschulze@adobe.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 5/31/13 1:51 PM, Dirk Schulze wrote:
> It is just clipPath that influences hit testing and it would not be different to anything that you can do with the overflow, display, or clip properties.

overflow/display/clip properties can't leak much data, typically, while 
arbitrary paths can (in fact in many SVG files the paths _are_ all the 
data to have).  But if clipping is restricted to paths inside 
<clipPath>, that helps a lot.  It looks like that's the case?

Received on Friday, 31 May 2013 18:01:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:33 UTC