- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 31 May 2013 14:12:08 -0400
- To: Dirk Schulze <dschulze@adobe.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 5/31/13 2:06 PM, Dirk Schulze wrote: > It is restricted to all information within the same document at the clipPath element. The document is tainted. No, you misunderstand. What I am worried about is if I have a document at evil.com that links to an SVG at mybank.com as an external resource document. Once it's done that, what information can it extract from the mybank.com document? For example, if the mybank.com document is a graph represented in SVG, can evil.com exfiltrate the graph data somehow? If it can, then such linking cannot be allowed. -Boris
Received on Friday, 31 May 2013 18:12:37 UTC