
[Bug 20034] canvas getImageData opens security whole for code

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 Nov 2012 06:02:19 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20034-2486-3Uyjg6kGBp@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20034

Boris Zbarsky <bzbarsky@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bzbarsky@mit.edu

--- Comment #1 from Boris Zbarsky <bzbarsky@mit.edu> ---
I'm going to regret this...

How is this different from doing an XMLHttpRequest to get the data as a string
and calling eval()?

Seems like the real problem here is calling eval() on a string of unknown
provenance, no?

Received on Wednesday, 21 November 2012 06:02:20 GMT
