- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Tue, 15 Mar 2011 16:05:14 +1300
On Sat, Mar 12, 2011 at 5:56 AM, Tab Atkins Jr. <jackalmage at gmail.com>wrote: > I think we should be closing the <svg>/<foreignObject> hole, not > expanding it as the primary way to smuggle in drawWindow > functionality. ^_^ > I actually think svg image + foreignobject is an OK way to smuggle in the functionality of rendering HTML fragments to a canvas :-). In Gecko, to solve various security problems we've made SVG images be a very restrictive browsing context, which can't for example load any subresource other than data: URIs. The elements of an SVG image also can't receive input events. Those measures alone neutralize a lot of the problems with drawWindow. Unlike IFRAMEs, pages can't reach into the DOM of SVG images to get around those restrictions. We can make SVG image documents never honor :visited selectors. Rob -- "Now the Bereans were of more noble character than the Thessalonians, for they received the message with great eagerness and examined the Scriptures every day to see if what Paul said was true." [Acts 17:11]
Received on Monday, 14 March 2011 20:05:14 UTC