W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2011

[whatwg] Canvas and drawWindow

From: Robert O'Callahan <robert@ocallahan.org>
Date: Tue, 15 Mar 2011 16:05:14 +1300
Message-ID: <AANLkTimGq2+m++cDQNJombbvRrY3irYa4e4uhZG1uutK@mail.gmail.com>
On Sat, Mar 12, 2011 at 5:56 AM, Tab Atkins Jr. <jackalmage at gmail.com>wrote:

> I think we should be closing the <svg>/<foreignObject> hole, not
> expanding it as the primary way to smuggle in drawWindow
> functionality.  ^_^
>

I actually think svg image + foreignobject is an OK way to smuggle in the
functionality of rendering HTML fragments to a canvas :-). In Gecko, to
solve various security problems we've made SVG images be a very restrictive
browsing context, which can't for example load any subresource other than
data: URIs. The elements of an SVG image also can't receive input events.
Those measures alone neutralize a lot of the problems with drawWindow.
Unlike IFRAMEs, pages can't reach into the DOM of SVG images to get around
those restrictions. We can make SVG image documents never honor :visited
selectors.

Rob
-- 
"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]
Received on Monday, 14 March 2011 20:05:14 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:31 UTC