[Bug 20034] canvas getImageData opens security whole for code from bugzilla@jessica.w3.org on 2012-11-21 (public-html-bugzilla@w3.org from November 2012)

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 Nov 2012 06:02:19 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20034-2486-3Uyjg6kGBp@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20034

Boris Zbarsky <bzbarsky@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bzbarsky@mit.edu

--- Comment #1 from Boris Zbarsky <bzbarsky@mit.edu> ---
I'm going to regret this...

How is this different from doing an XMLHttpRequest to get the data as a string
and calling eval()?

Seems like the real problem here is calling eval() on a string of unknown
provenance, no?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 21 November 2012 06:02:20 UTC