W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2011

[Bug 14502] Why do we want to taint on style set and not on style use?

From: <bugzilla@jessica.w3.org>
Date: Tue, 18 Oct 2011 17:40:40 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RGDea-0005JX-PW@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=14502

Boris Zbarsky <bzbarsky@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bzbarsky@mit.edu

--- Comment #1 from Boris Zbarsky <bzbarsky@mit.edu> 2011-10-18 17:40:40 UTC ---
In particular, as far as I can tell Gecko taints the canvas if a tainted fill
or stroke style is actually used to paint something, not just when the style is
merely set.

There is a subtle but important (imo) issue here: if we at some point allow
CanvasPatterns that contain images and are mutable, then the "taint on draw"
approach would Just Work while the current approach would have to be changed in
some way (either to retaint all canvases that have the pattern as a style on
pattern change or to taint on draw or something).

I should also note that the property of being same-origin may not be
time-invariant when document.domain is involved; I haven't looked into what
implementations actually do there.

What are the benefits of the current model apart from it maybe being slightly
easier to define?

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 18 October 2011 17:40:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:02:06 UTC