Rik Cabanier
Rik Cabanier
Can you explain what `shelf` represents? Are you defining a new API on the model element?
Are there other formats that loads subresources? (SVG images?) Since rendering and parsing happens outside the UA, it seems the loading of subresources is complicated.
> Many formats include sub-resources of some kind. I meant in a regular browser :-) There's HTML using an iframe which is very complex. I believe SVG images don't allow...
Was there a discussion that Quicklook was going to be part of the model proposal? It's certainly a nice workflow but I don't know how flexible was can make it...
For the first iteration, we should concentrate on a minimum viable product. Once that is implemented and shipping, it can be extended. We will also have a better idea on...
@domenic Can you explain why CORS is needed? @othermaciej's [comment](https://github.com/WebKit/explainers/issues/63#issuecomment-909437183) seems reasonable as to why it can be skipped. Of course, if the model is used without CORS, there wouldn't...
What is the data that would be leaking?
The author would never have access to the content of the model file. The UA (or the underlying OS) is responsible for parsing and displaying
> The attacker would have access to the contents through side channel attacks, such as Spectre, cache timing attacks, XSLeaks, etc. That is why this is a security concern. I...
/tpac Discuss why we need CORS