W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > November 2012

[Bug 20034] canvas getImageData opens security whole for code

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 Nov 2012 06:02:19 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20034-2486-3Uyjg6kGBp@http.www.w3.org/Bugs/Public/>

Boris Zbarsky <bzbarsky@mit.edu> changed:

           What    |Removed                     |Added
                 CC|                            |bzbarsky@mit.edu

--- Comment #1 from Boris Zbarsky <bzbarsky@mit.edu> ---
I'm going to regret this...

How is this different from doing an XMLHttpRequest to get the data as a string
and calling eval()?

Seems like the real problem here is calling eval() on a string of unknown
provenance, no?

You are receiving this mail because:
You are the QA Contact for the bug.
Received on Wednesday, 21 November 2012 06:02:20 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:35 UTC