On Fri, Dec 21, 2012 at 7:47 AM, Tavmjong Bah <tavmjong@free.fr> wrote: > On Thu, 2012-12-20 at 08:02 -0800, Dirk Schulze wrote: > > On Dec 20, 2012, at 2:45 AM, "David Dailey" <ddailey@zoominternet.net> > wrote: > > > > > The Adobe ASV viewer supports arbitrary content inside <glyph>. Please > let me know if a proposal to drop support for colors and other non-path > content inside <glyph> gains traction. Emoji contain color as a semantic > aspect of Unicode defininitions of characters, and as those who saw our > presentation in Boston about geometric accessibility, accessibility to > special textual affects is permanently impaired if SVG is crippled in this > way. > > > > > > It will be a good opportunity for me to learn to file formal > objections through the W3C process, and I will be certain to do so! > > > > Is there a recording of the presentation? Or do you have a link to the > documentation? This sounds like you are addressing pure visual aspects of > styling. > > > > For WebKit we decided not to support arbitrary shapes because of > different security considerations. > > I am curious to know what security consideration there would be to > arbitrary shapes as compared to paths. > > Tav It's not shapes that are a problem, it's arbitrary content. For example, SVGImage or foreign object are allowed by the spec as written, and those may link to external resources. Same, to a lesser extent, for <use> elements or anything with a href. Loading external resources has security implications, particularly when fonts themselves are frequently external resources. Stephen.
Received on Friday, 21 December 2012 13:04:32 UTC