- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 14 Mar 2011 22:56:37 -0700
On Mon, Mar 14, 2011 at 8:05 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
> On Sat, Mar 12, 2011 at 5:56 AM, Tab Atkins Jr. <jackalmage at gmail.com> wrote:
>
>> I think we should be closing the <svg>/<foreignObject> hole, not
>> expanding it as the primary way to smuggle in drawWindow
>> functionality. ^_^
>
> I actually think svg image + foreignobject is an OK way to smuggle in the
> functionality of rendering HTML fragments to a canvas :-). In Gecko, to
> solve various security problems we've made SVG images be a very restrictive
> browsing context, which can't for example load any subresource other than
> data: URIs. The elements of an SVG image also can't receive input events.
> Those measures alone neutralize a lot of the problems with drawWindow.
> Unlike IFRAMEs, pages can't reach into the DOM of SVG images to get around
> those restrictions. We can make SVG image documents never honor :visited
> selectors.

That's roughly how SVG images work in WebKit as well. SVG images are rendered with a fake set of clients (i.e., delegates) that prevent the SVG image from talking to much of the rest of the browser.

Adam
Received on Monday, 14 March 2011 22:56:37 UTC
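
The "svg image + foreignObject" route discussed in this thread, as an added example that is not part of the original messages or of any browser's code: it wraps an XHTML fragment in an SVG image and lists the references that are not data: URIs, which the message says a Gecko SVG image will not load. The function names, the regex-based scan and the sample markup are assumptions made for illustration.

```javascript
// Added example; names and sample markup are constructed for illustration.
const SVG_NS = "http://www.w3.org/2000/svg";
const XHTML_NS = "http://www.w3.org/1999/xhtml";

// Wrap a well-formed XHTML fragment in <foreignObject> and return SVG source.
function wrapInSvg(xhtmlFragment, width, height) {
  return `<svg xmlns="${SVG_NS}" width="${width}" height="${height}">` +
    `<foreignObject width="100%" height="100%">` +
    `<div xmlns="${XHTML_NS}">${xhtmlFragment}</div>` +
    `</foreignObject></svg>`;
}

// List URL references that are not data: URIs. Heuristic regex scan, not a
// full XML/CSS parser: it can over-report (for example plain link targets).
function nonDataRefs(svgSource) {
  const refs = [];
  const attr = /\b(?:xlink:href|href|src|poster|data)\s*=\s*(["'])(.*?)\1/gi;
  const css = /url\(\s*(["']?)(.*?)\1\s*\)/gi;
  for (const re of [attr, css]) {
    for (const m of svgSource.matchAll(re)) {
      const url = m[2].trim();
      // Same-document references (#id) are not subresource loads.
      if (url && !url.startsWith("#") && !/^data:/i.test(url)) refs.push(url);
    }
  }
  return refs;
}

// Browser only: load the SVG as an image and paint it on a 2D canvas context.
function drawOnCanvas(ctx, svgSource) {
  const img = new Image();
  img.onload = () => ctx.drawImage(img, 0, 0);
  img.src = "data:image/svg+xml;charset=utf-8," + encodeURIComponent(svgSource);
  return img;
}

// Constructed sample: one data: image, two references to another host.
const sample = wrapInSvg(
  '<p style="background:url(https://example.test/bg.png)">hi</p>' +
  '<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw="/>' +
  '<img src="https://example.test/track.gif"/>', 200, 100);
const dataOnly = wrapInSvg(
  '<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw="/>', 200, 100);

console.log(nonDataRefs(sample));   // references a data:-only context would not fetch
console.log(nonDataRefs(dataOnly)); // nothing to report
```
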