Re: SVGSVGElement.toDataURL()

On Mar 13, 2013, at 12:52 PM, Daniel Holbert <dholbert@mozilla.com> wrote:

> On 03/12/2013 09:18 AM, Dirk Schulze wrote:
>> 
>> On Mar 12, 2013, at 2:02 AM, Robert Longson <longsonr@gmail.com> wrote:
>> 
>>> Klaus,
>>> 
>>> Once you did such a transfer you can access all the bits of the image
>>> and do things like read off the visited state of links. We restrict
>>> image elements not to show things like link visited state to prevent
>>> such privacy leaks amongst other things. I'd be very wary of
>>> implementing SVGSVGElement.toDataURL even if it was added to a
>>> specification because of that.
>> 
>> I don't think that this is true.
> 
> Which part of Robert's email are you saying isn't true?
> 
> Klaus basically asked [paraphrasing]:
>  "You're already rasterizing to the screen when you render
>  SVG content, so why can't you just directly expose that as
>  a rasterized image to authors via SVGSVGElement.toDataURL?"
> and Robert was pointing out that it's not that simple, because there are
> privacy implications with directly exposing what we paint on-screen
> (which we've addressed via the canvas route).
> 
>> In our tests, neither Gecko nor WebKit exposed information like
>> visited links to the Canvas, and yet we still mark the Canvas as
>> dirty. I think we can get rid of this restriction now.
> 
> AFAIK, Gecko shouldn't be marking the canvas as dirty, as of a year ago
> -- that should've been fixed here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=672013
> 
> If you discovered otherwise, could you file a bug and/or send me a test case?

No, actually I was asking for removing this restriction. I just mentioned that this was not the case in some tests here. But I need to admit that I tested it more than a year ago. I can conform that the canvas is not dirty on Firefox. WebKit still has this limitation.

Greetings,
Dirk

> 
> ~Daniel

Received on Wednesday, 13 March 2013 20:30:09 UTC