Re: [css-shapes] restricting <uri> in shape-outside to CORS-same-origin? from Alan Stearns on 2013-07-19 (www-style@w3.org from July 2013)

From: Alan Stearns <stearns@adobe.com>
Date: Fri, 19 Jul 2013 15:00:26 -0700
To: Anne van Kesteren <annevk@annevk.nl>
CC: W3C Style <www-style@w3.org>
Message-ID: <CE0F02FC.2DB8F%stearns@adobe.com>

On 6/7/13 11:09 PM, "Anne van Kesteren" <annevk@annevk.nl> wrote:

>On Fri, Jun 7, 2013 at 11:39 AM, Alan Stearns <stearns@adobe.com> wrote:
>> Would it be sufficient to change the definition to this?
>>
>> ---
>> If the <uri> references an image
>> which is CORS-same-origin,
>> the shape is extracted and computed
>> based on the alpha channel of the
>> specified image. If the <uri> does
>> not reference an image or if it
>> references an image which is not
>> CORS-same-origin, the effect
>> is as if the value Œauto¹ had been
>> specified.
>> ---
>>
>> I'm assuming I would link CORS-same-origin to
>> http://fetch.spec.whatwg.org/#cors-same-origin

>
>This looks like a great start and defines reasonably clearly what to
>do with all types of responses you might get back (we might change
>"CORS-same-origin" to a clearer term).
>
>It does not define what policy you use for fetching the resource.
>Currently most everything uses tainted cross-origin, <img>,
>background-image, etc. CSS should probably define a general fetching
>policy that states a default and then you need to decide whether you
>want to deviate from that for certain properties (e.g. for this
>property only CORS makes sense) or if you want a generic mechanism
>that is the same for all <url> types.

Anne,

The working group decided to put off defining a general fetching policy
[1] so I've borrowed from CSS Fonts. The shape-outside property now takes
an <image> value, and I've defined how that value is handled like this:

---
The shape is extracted and computed based on the alpha channel of the
specified <image> [CSS3VAL] User agents must use the potentially
CORS-enabled fetch method defined by the [HTML5] specification for all
URLs in a shape-outside value. When fetching, user agents must use
"Anonymous" mode, set the referrer source to the stylesheet's URL and set
the origin to the URL of the containing document.
---

Do I need to define what occurs if the cross-origin request status is not
a success? My interpretation was that this would result in an invalid
image, and if there were no valid images in the <image> value this would
result in an invalid declaration.

Thanks,

Alan

[1] http://lists.w3.org/Archives/Public/www-style/2013Jul/0221.html

Received on Friday, 19 July 2013 22:08:43 UTC