On 6/18/13 1:47 PM, "Lea Verou" <lea@w3.org> wrote: >I think it would be less trouble for authors if the shape was rendered >correctly, but could not be read from getComputedStyle() or anything >similar, akin to what happens with :visited styles. Wouldnąt that be >equally secure? That's the case as specified now. You don't get the shape information in getComputedStyle() - you just get the URL. The vulnerability comes from when you wrap content around the shape. When the lines around the shape 'render correctly' the positions of the lines reveal the shape contour. Thanks, AlanReceived on Tuesday, 18 June 2013 21:02:01 UTC
This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:08:31 UTC