[svg2] Use CORS-enabled fetch for the structurally external elements


I'd like to suggest that we allow CORS[1] in svg, by adding 'crossorigin'  
attributes to the svg elements that can reference external resources,  
specifically the <image>, <use> and <script> elements. Being able to use  
CORS in svg was requested here[2].

The 'embedded content' elements <audio>, <video> and <iframe> all have  
such attributes already.

For <script> and <image> this would align better with html. As a note,  
since Blink shares the internal implementation of script and image loaders  
the 'crossorigin' attribute is already supported on <svg:script> and  

For <use> all the browsers I tested blocked the crossorigin requests. For  
that reason it might be reasonable to use the 'No CORS' mode as the  
default for <use>. That means that you have to both have a 'crossorigin'  
attribute with a value such that the mode isn't resolved to 'No CORS', as  
well as get an ok from the server that serves the referenced content (via  
an "Access-Control-Allow-Origin" http header), to successfully fetch the  
crossorigin content.

For <foreignObject>, which is listed as a 'structurally external element'  
but which currently lacks an xlink:href attribute to match that, I suggest  
that we don't add xlink:href to <foreignObject>, but if we do, that we use  
the 'No CORS' mode as default.


* For <script>, let 'crossorigin' be a 'CORS settings attribute'[3] with  
the same effect as for <html:script>
* For <image>, let 'crossorigin' be a 'CORS settings attribute'[3] with  
the same effect as for <html:img>
* For <use>, let 'crossorigin' be a 'CORS settings attribute'[3] and let  
CORS mode be 'No CORS'
* For <foreignObject>, add an issue to the spec regarding this, and don't  
add the 'crossorigin' attribute there yet


[1] https://www.w3.org/TR/cors/
[2] https://code.google.com/p/chromium/issues/detail?id=470601

Erik Dahlstrom, Web Technology Developer, Opera Software
Co-Chair, W3C SVG Working Group

Received on Tuesday, 31 March 2015 12:04:06 UTC