Re: new feature request from Daniel Holbert on 2015-03-24 (www-svg@w3.org from March 2015)

From: Daniel Holbert <dholbert@mozilla.com>
Date: Mon, 23 Mar 2015 18:17:17 -0700
To: Doug Schepers <schepers@w3.org>, David Dailey <ddailey@zoominternet.net>, 'www-svg' <www-svg@w3.org>, Chris Lilley <chris@w3.org>
message-id: <5510BB1D.3060303@mozilla.com>

On 03/23/2015 03:18 PM, Doug Schepers wrote:
> Aspect 1, declarative animation in <img>, is already defined in the SVG
> Integration spec, as the "secure animated mode" [3]. I defined it that
> way over 5 years ago. It allows timeline-based animations to be
> executed. I'm not sure why browsers don't already support that.

All browsers that I'm aware of, except IE, do already support this. (And
IE only doesn't support it because they don't implement SMIL.)

See my super-realistic animated swimming fish graphic here for a demo:
  http://blog.dholbert.org/2010/10/svg-as-image.html
It uses <img> with a SMIL-animated SVG source.

> I'm not convinced that it is a
> security or privacy risk to allow users to start an animation via a
> click or touch or key entry, if there is no access to external
> resources. (Someone please correct me if I'm wrong.)

I agree, as I noted elsewhere in this thread (
https://lists.w3.org/Archives/Public/www-svg/2015Mar/0073.html ).  I
don't think there's any security issue with allowing interactivity in
images. (But I'd love to be proven wrong!)

> I don't think that there should be interactivity when SVG is used as a
> CSS background, but I think SVG in an <img> is a different matter. I
> think I conflated them originally, but now think they should be
> separated out.

Why? Authors choose to use CSS backgrounds over <img> tags sometimes;
I'm not sure why we should shoehorn them into using <img> if they want
to benefit from this.

(I do think it makes sense to exclude e.g. <canvas> (w/ drawImage) and
<feImage>. Those use-cases are fundamentally different, in that they
read a static snapshot of image pixels and manipulate it, and the image
is abstracted away further -- so those probably can't meaningfully be
interactive.)

> I'd like to hear what the browser implementers think about this, and
> what their intentions toward SVG Integration are. Are there ways we
> could change SVG Integration to improve it and to get browsers to
> implement it?

I'm not clear on what you're asking here -- maybe the question is partly
answered by my first point above? (the fact that browsers (the ones that
support SMIL) *do already* implement "secure animated mode".

At a high level, I'm mildly in favor of supporting interactive SVG
images, but I'm not sure where that fits in, priority-wise, and I'm
mildly concerned that this might violate authors' expectations about
what user-submitted images are capable of doing.

~Daniel

Received on Tuesday, 24 March 2015 01:17:47 UTC