Hi! We looked at this as part of the Security & privacy review process for Web Platform intents, and we were wondering about the feature behavior with regards to iframes. Specifically, we were concerned about the potential for a child frame to draw custom content over its parent using this feature. Is something like this possible as part of the overflow mechanism? If so, we were concerned about the potential for spoofing.
Thanks! Camille On Monday, March 7, 2022 at 6:07:28 PM UTC+1 Khushal Sagar wrote: > Contact emailskhushalsa...@chromium.org, tabatk...@chromium.org, > vmp...@chromium.org > > Explainerhttps://github.com/w3c/csswg-drafts/issues/7058 > > SpecificationIn Progress > > Summary > > The object-view-box and object-overflow properties allow the content for > replaced elements to paint outside its content-box, similar to ink overflow > for other elements. > > Blink componentBlink>CSS > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ECSS> > > Motivation > > object-view-box and object-overflow allows the author to specify a subset > within an image that should draw within the content box of the target > replaced element. This enables an author to create an image with a custom > glow or shadow applied, with proper ink-overflow behavior like a CSS shadow > would have. > > > The property will also be used to draw ink overflow for snapshots > generated for shared element transitions > <https://chromestatus.com/feature/5193009714954240> (issue > <https://github.com/WICG/shared-element-transitions/issues/120>). > > Initial public proposalhttps://github.com/w3c/csswg-drafts/issues/7058 > > TAG reviewIn Progress (Will file one with a draft spec) > > TAG review statusIn Progress > > Risks > > > Interoperability and Compatibility > > Risk is minimal. This is a new feature for which support can be detected > by developers. > > Gecko: Positive (see comment here > <https://github.com/w3c/csswg-drafts/issues/7058#issuecomment-1057553833>). > Will file a request for position with a draft spec (see comment here > <https://github.com/mozilla/wg-decisions/issues/750#issuecomment-1057544163> > ). > > WebKit: No signal > > Web developers: No signals > > Other signals: > > > Debuggability > > This is debuggable similar to other CSS object-* properties. > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ?Yes > > Flag nameCSSObjectViewBox > > Requires code in //chrome?False > > Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1303102 > > Estimated milestones > > No milestones specified > > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5213032857731072 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/af5057b2-9d20-45b8-8196-93e12836e54an%40chromium.org.
