Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify where remote resource references are allowed #1857

Closed
mattgarrish opened this issue Oct 15, 2021 · 0 comments · Fixed by #1859
Closed

Clarify where remote resource references are allowed #1857

mattgarrish opened this issue Oct 15, 2021 · 0 comments · Fixed by #1859
Labels
EPUB33 Issues addressed in the EPUB 3.3 revision Spec-EPUB3 The issue affects the core EPUB 3.3 Recommendation Topic-ContentDocs The issue affects EPUB content documents

Comments

@mattgarrish
Copy link
Member

mattgarrish commented Oct 15, 2021
edited

We currently only say what resources can live outside the container, but for improved clarity (and security) we should probably also explicitly say where these references are allowed (see also #1061 (comment)).

The proposal would be to:

  • restrict remote audio to the audio + source elements and the MO audio element
  • restrict remote video to the video + source elements
  • restrict remote fonts to CSS @font-face rules, @import rules, and the html link element
  • restrict remote data to scripting API calls (XHR and Fetch)

Data blocks can't be external per html ("When used to include data blocks, the data must be embedded inline") so we don't need to allow references from script.
@mattgarrish mattgarrish added the Topic-ContentDocs The issue affects EPUB content documents label Oct 15, 2021
@iherman iherman mentioned this issue Oct 15, 2021
Closed
@mattgarrish mattgarrish mentioned this issue Oct 18, 2021
Merged
@mattgarrish mattgarrish added the EPUB33 Issues addressed in the EPUB 3.3 revision label Nov 10, 2021
@mattgarrish mattgarrish mentioned this issue Nov 15, 2021
Closed
@mattgarrish mattgarrish added the Spec-EPUB3 The issue affects the core EPUB 3.3 Recommendation label Sep 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
EPUB33 Issues addressed in the EPUB 3.3 revision Spec-EPUB3 The issue affects the core EPUB 3.3 Recommendation Topic-ContentDocs The issue affects EPUB content documents
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clarify where remote resources can be referenced w3c/epub-specs
1 participant
@mattgarrish