xmlgraphics-batik-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Hardy <vincent.ha...@sun.com>
Subject Re: [svg-developers] Batik 1.5beta2 release available
Date Fri, 10 May 2002 15:33:09 GMT

Thanks for your kind words on 1.5beta2.

Jim Ley wrote:
> [...]
> With default security getURL doesn't let you get from the same domain as
> the svg is served from, you have to untick the "enforce secure
> scripting" - could we have the nicer default?

I think I understand what you are asking, but let me make sure: you 
want your getURL to retrieve something from a different server than the
server which served the document referencing the script. 

If that is so, yes, there is no option to allow this at this time. 
The granularity for scripts, right now, is:

a. Disabled/Enabled (you can disallow scripts of a certain kind
b. Secure/Not secure (as you figured)
c. Constrain scripts to come from the same server as the SVG document
   referencing them.

What you are asking for is providing more granularity for b. which
is possible. I am still fighting a security issue with getURL on local 
(too restrictive, as indicated in the change log), but I'll look into
this right after.


To unsubscribe, e-mail: batik-users-unsubscribe@xml.apache.org
For additional commands, e-mail: batik-users-help@xml.apache.org

View raw message