W3C home > Mailing lists > Public > www-style@w3.org > June 2014

Ability to disable external resource fetching

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 19 Jun 2014 13:36:36 +0200
Message-ID: <CADnb78iQk=XyX-MeVCtwZLcOjbqBHpM4CeWa26WehZ0Dy0uZJg@mail.gmail.com>
To: "www-style@w3.org" <www-style@w3.org>
Cc: www-svg <www-svg@w3.org>
When you load SVG as <img src=svg> and similar contexts it is not
allowed to load further resources as to restrict its security model to
GIF. This is also the plan for when using external SVG elements
through 'mask' or some such.

This requires changes to CSS and elements that cause the creation of
CSS style sheets. The tentative plan is to add flag to Fetch that is
"local fetches only flag" which would allow data and blob URL
resources to be fetched, but nothing over the network.

CSS style sheets would need to have some kind of style-sheet-wide
setting that enables that and ensures no networked images or @import's
are used.

And elements that create CSS style sheets would need to set that
setting on style sheets.

This ties into my earlier email
http://lists.w3.org/Archives/Public/www-style/2014Jun/0238.html about
more properly defining the CSS style sheet model.

These bugs relate to this effort:

* https://www.w3.org/Bugs/Public/show_bug.cgi?id=26144
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=26114
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24055

Received on Thursday, 19 June 2014 11:37:04 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 January 2023 02:14:41 UTC