Re: [cssom][security] Cross-origin style sheets from Tab Atkins Jr. on 2013-06-08 (www-style@w3.org from June 2013)

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Fri, 7 Jun 2013 20:36:58 -0700
To: Simon Pieters <simonp@opera.com>
Cc: "www-style@w3.org" <www-style@w3.org>, Anne van Kesteren <annevk@annevk.nl>, Boris Zbarsky <bzbarsky@mit.edu>
Message-ID: <CAAWBYDB4Yf9pVQZcuyw-O1VfJBksV0=5-HUUVBJkhu6Rz-3Vdg@mail.gmail.com>

On Fri, Jun 7, 2013 at 5:51 AM, Simon Pieters <simonp@opera.com> wrote:
> I would appreciate review of the following change:
>
> https://dvcs.w3.org/hg/csswg/rev/b3a214e224d7
> [cssom] Disallow reading and modifying of cross-origin sheets. Integrate
> with URL and Fetch specs for xml-stylesheet and Link:. Only expose
> pre-redirect URL of a sheet.

Related to this, though perhaps not exactly CSSOM - should
cross-origin stylesheets inherit the charset from their referring
documents (or the declared charset from the referring <link>)?

~TJ

Received on Saturday, 8 June 2013 03:37:46 UTC