NEW301280
[SVG2] Allow <foreignObject> and HTML elements to be cloned to the shadow tree of the <use> element 
https://bugs.webkit.org/show_bug.cgi?id=301280
Summary [SVG2] Allow <foreignObject> and HTML elements to be cloned to the shadow tre...
Said Abou-Hallawa
Reported 2025-10-22 09:19:14 PDT
SVG2 made it possible for the <use> element to clone many elements that were previously disallowed, such as <foreignObject> [1]. The new WPT test will verify this new change in the SVG2 specs [2]. [1]: https://svgwg.org/svg2-draft/struct.html#UseElement:~:text=Previous%20versions%20of%20SVG,subtree%20to%20be%20cloned [2]: https://github.com/web-platform-tests/wpt/pull/55576
Attachments
rendering in safari, firefox, chrome (446.95 KB, image/png)
2026-03-18 19:38 PDT, Karl Dubost 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Robert Longson
Comment 1 2025-10-29 06:16:39 PDT
Be careful of https://bugzilla.mozilla.org/show_bug.cgi?id=1754522 when implementing this.
Radar WebKit Bug Importer
Comment 2 2025-10-29 09:20:13 PDT
<rdar://problem/163647399>
Karl Dubost
Comment 3 2026-03-18 19:38:53 PDT
Created attachment 478719 [details] rendering in safari, firefox, chrome https://github.com/web-platform-tests/wpt/pull/55576 https://wpt.fyi/results/svg/struct/reftests/use-foreignObject.html https://wpt.live/svg/struct/reftests/use-foreignObject.html PASS Firefox FAIL Chrome, Safari Spec prose in SVG2 > Previous versions of SVG restricted the contents of the shadow tree to SVG graphics elements. This specification allows any valid SVG document subtree to be cloned. Cloning non-graphical content, however, will not usually have any visible effect. https://w3c.github.io/svgwg/svg2-draft/struct.html#UseElement:~:text=Previous%20versions%20of%20SVG,subtree%20to%20be%20cloned.
Karl Dubost
Comment 4 2026-03-18 19:40:08 PDT
As Robert Longson mentions, we need to make sure of solving "XSS in SVG's foreignObject with iframe, loaded through a same-origin SVG file from a <use> element"
Note You need to log in before you can comment on or make changes to this bug.