W3C home > Mailing lists > Public > public-html-diffs@w3.org > May 2011

hixie: taint canvas if we even _consider_ a cross-site font (whatwg r6105)

From: poot <cvsmail@w3.org>
Date: Fri, 06 May 2011 16:06:12 -0400
To: public-html-diffs@w3.org
Message-Id: <E1QIRHw-0005Nt-SQ@jay.w3.org>
hixie: taint canvas if we even _consider_ a cross-site font (whatwg


RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4907
retrieving revision 1.4908
diff -u -d -r1.4907 -r1.4908
--- Overview.html	6 May 2011 19:56:18 -0000	1.4907
+++ Overview.html	6 May 2011 20:03:31 -0000	1.4908
@@ -27297,11 +27297,12 @@
    false when the pattern was created.</li>
    <li><p>The element's 2D context's <code title="dom-context-2d-fillText">fillText()</code> or <code title="dom-context-2d-fillText">strokeText()</code> methods are
-   invoked and end up using a font that has an <a href="#origin">origin</a>
+   invoked and consider using a font that has an <a href="#origin">origin</a>
    that is not the <a href="#same-origin" title="same origin">same</a> as that of
    the <code><a href="#document">Document</a></code> object that owns the <code><a href="#the-canvas-element">canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> 
   </ul><p>Whenever the <code title="dom-canvas-toDataURL"><a href="#dom-canvas-todataurl">toDataURL()</a></code> method of a
   <code><a href="#the-canvas-element">canvas</a></code> element whose <i>origin-clean</i> flag is set to
   false is called, the method must raise a <code><a href="#security_err">SECURITY_ERR</a></code>
Received on Friday, 6 May 2011 20:06:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:09:16 UTC