W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2012

[whatwg] [CORS] WebKit tainting image instead of throwing, error

From: Ian Hickson <ian@hixie.ch>
Date: Sat, 28 Jan 2012 02:01:16 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1201280200260.16982@ps20323.dreamhostps.com>
On Tue, 1 Nov 2011, Charles Pritchard wrote:
> 
> I'd been using <img crossorigin> for everything... It was lazy but 
> worked fine until the latest roll-out of Chrome. Now my local references 
> fail the check. I have to use <img> for local images that I know are 
> safe, and <img crossorigin> for images that I suspect are not safe.
> 
> This is likely just a bug in Chrome, but it was rolled out quickly 
> before going through the Chrome Canary process.
> 
> Code example: <img src="./localImage.png" crossorigin> may -fail- the 
> crossorigin check even though the image will not set a dirty flag on 
> Canvas.

On Tue, 1 Nov 2011, Adam Barth wrote:
> 
> Sorry about that.  This is filed as 
> <https://bugs.webkit.org/show_bug.cgi?id=71053>.  I've got some time 
> scheduled to look at this later in the week.

I've fixed the spec accordingly.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 27 January 2012 18:01:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:10 UTC