[Bug 28987] New: fillText and fillStroke are unsecured from nobody@w3.org on 2015-07-23 (public-html-admin@w3.org from July 2015)

From: <nobody@w3.org>
Date: Thu, 23 Jul 2015 15:48:10 +0000
To: public-html-admin@w3.org
Message-ID: <bug-28987-2495@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=28987

            Bug ID: 28987
           Summary: fillText and fillStroke are unsecured
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: CR HTML Canvas 2D Context
          Assignee: dave.null@w3.org
          Reporter: plh@w3.org
        QA Contact: public-html-bugzilla@w3.org
                CC: public-html-admin@w3.org
  Target Milestone: ---

https://w3c.github.io/2dcontext/#dom-context-2d-filltext
 doesn't say anything (unlike Level 2) about markup the origin-clean as false.
Again, this needs to be sync'ed with Level 2 otherwise it creates a security
issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 23 July 2015 15:48:13 UTC