Re: [css-shapes] restricting <uri> in shape-outside to CORS-same-origin?

On 6/7/13 11:09 PM, "Anne van Kesteren" <> wrote:

>On Fri, Jun 7, 2013 at 11:39 AM, Alan Stearns <> wrote:
>> Would it be sufficient to change the definition to this?
>> ---
>> If the <uri> references an image
>> which is CORS-same-origin,
>> the shape is extracted and computed
>> based on the alpha channel of the
>> specified image. If the <uri> does
>> not reference an image or if it
>> references an image which is not
>> CORS-same-origin, the effect
>> is as if the value Œauto¹ had been
>> specified.
>> ---
>> I'm assuming I would link CORS-same-origin to

>This looks like a great start and defines reasonably clearly what to
>do with all types of responses you might get back (we might change
>"CORS-same-origin" to a clearer term).
>It does not define what policy you use for fetching the resource.
>Currently most everything uses tainted cross-origin, <img>,
>background-image, etc. CSS should probably define a general fetching
>policy that states a default and then you need to decide whether you
>want to deviate from that for certain properties (e.g. for this
>property only CORS makes sense) or if you want a generic mechanism
>that is the same for all <url> types.


The working group decided to put off defining a general fetching policy
[1] so I've borrowed from CSS Fonts. The shape-outside property now takes
an <image> value, and I've defined how that value is handled like this:

The shape is extracted and computed based on the alpha channel of the
specified <image> [CSS3VAL] User agents must use the potentially
CORS-enabled fetch method defined by the [HTML5] specification for all
URLs in a shape-outside value. When fetching, user agents must use
"Anonymous" mode, set the referrer source to the stylesheet's URL and set
the origin to the URL of the containing document.

Do I need to define what occurs if the cross-origin request status is not
a success? My interpretation was that this would result in an invalid
image, and if there were no valid images in the <image> value this would
result in an invalid declaration.




Received on Friday, 19 July 2013 22:08:43 UTC