W3C home > Mailing lists > Public > public-html-commits@w3.org > May 2011

html5/spec Overview.html,1.4907,1.4908

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Fri, 06 May 2011 20:03:35 +0000
To: public-html-commits@w3.org
Message-Id: <E1QIRFP-0008C6-LC@lionel-hutz.w3.org>
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv31482

Modified Files:
Log Message:
taint canvas if we even _consider_ a cross-site font (whatwg r6105)

Index: Overview.html
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4907
retrieving revision 1.4908
diff -u -d -r1.4907 -r1.4908
--- Overview.html	6 May 2011 19:56:18 -0000	1.4907
+++ Overview.html	6 May 2011 20:03:31 -0000	1.4908
@@ -27297,11 +27297,12 @@
    false when the pattern was created.</li>
    <li><p>The element's 2D context's <code title="dom-context-2d-fillText">fillText()</code> or <code title="dom-context-2d-fillText">strokeText()</code> methods are
-   invoked and end up using a font that has an <a href="#origin">origin</a>
+   invoked and consider using a font that has an <a href="#origin">origin</a>
    that is not the <a href="#same-origin" title="same origin">same</a> as that of
    the <code><a href="#document">Document</a></code> object that owns the <code><a href="#the-canvas-element">canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> 
   </ul><p>Whenever the <code title="dom-canvas-toDataURL"><a href="#dom-canvas-todataurl">toDataURL()</a></code> method of a
   <code><a href="#the-canvas-element">canvas</a></code> element whose <i>origin-clean</i> flag is set to
   false is called, the method must raise a <code><a href="#security_err">SECURITY_ERR</a></code>
Received on Friday, 6 May 2011 20:03:39 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:10:28 UTC