W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > September 2011

[Bug 14056] Please change 4.8.11.2 Security with canvas elements to respect CORS

From: <bugzilla@jessica.w3.org>
Date: Thu, 08 Sep 2011 10:29:16 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1R1brA-0003oO-PZ@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=14056

--- Comment #2 from Ben Adams <gmthundercat@gmail.com> 2011-09-08 10:29:15 UTC ---
(In reply to comment #1)
> The spec provides a crossorigin attribute for this purpose (specifically to
> trigger CORS for the image load), right?  Last I checked both Chrome and Gecko
> have added support for that.

Ah... I think I picked the wrong bit of the spec - its the Same Origin test
pseudo code that doesn't mention CORS (even though CORS is specified above for
images)

It doesn't seem to work in FireFox

http://dev.w3.org/html5/spec/Overview.html#same-origin

Two origins are said to be the same origin if the following algorithm returns
true:
Let A be the first origin being compared, and B be the second origin being
compared.
If A and B are both opaque identifiers, and their value is equal, then return
true.
Otherwise, if either A or B or both are opaque identifiers, return false.
If A and B have scheme components that are not identical, return false.
If A and B have host components that are not identical, return false.
If A and B have port components that are not identical, return false.
If either A or B have additional data, but that data is not identical for both,
return false.
Return

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 8 September 2011 10:29:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:02:03 UTC