I didn't see it stated very clearly clearly in this issue, so let me first state what I think the information leak is: Developers can detect whether there is EXIF rotation information in an image by rendering it twice - once with `image-orientation: from-image` and one with `image-orientation: none`, and observing if there is a difference in the layout size of the result. Therefore, for a cross-domain image, the developer can obtain one bit of information about these images. However, don't sites already know multiple "bits of information" about cross-origin images, such as their width and height? -- GitHub Notification of comment by chrishtr Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-652537061 using your GitHub accountReceived on Wednesday, 1 July 2020 16:59:43 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:11 UTC