- From: Alan Stearns <stearns@adobe.com>
- Date: Tue, 18 Jun 2013 14:01:18 -0700
- To: Lea Verou <lea@w3.org>
- CC: W3C Style <www-style@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On 6/18/13 1:47 PM, "Lea Verou" <lea@w3.org> wrote: >I think it would be less trouble for authors if the shape was rendered >correctly, but could not be read from getComputedStyle() or anything >similar, akin to what happens with :visited styles. Wouldnąt that be >equally secure? That's the case as specified now. You don't get the shape information in getComputedStyle() - you just get the URL. The vulnerability comes from when you wrap content around the shape. When the lines around the shape 'render correctly' the positions of the lines reveal the shape contour. Thanks, Alan
Received on Tuesday, 18 June 2013 21:02:01 UTC