- From: Dirk Schulze <dschulze@adobe.com>
- Date: Fri, 31 May 2013 11:06:54 -0700
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On May 31, 2013, at 11:05 AM, "Boris Zbarsky" <bzbarsky@MIT.EDU> wrote: > On 5/31/13 1:51 PM, Dirk Schulze wrote: >> It is just clipPath that influences hit testing and it would not be different to anything that you can do with the overflow, display, or clip properties. > > overflow/display/clip properties can't leak much data, typically, while > arbitrary paths can (in fact in many SVG files the paths _are_ all the > data to have). But if clipping is restricted to paths inside > <clipPath>, that helps a lot. It looks like that's the case? It is restricted to all information within the same document at the clipPath element. The document is tainted. Greetings, Dirk > > -Boris >
Received on Friday, 31 May 2013 18:07:24 UTC