W3C home > Mailing lists > Public > public-html@w3.org > July 2008

Re: <canvas> JPEG quality

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 25 Jul 2008 19:29:50 -0700
Message-ID: <488A8C1E.40401@mit.edu>
To: Philip Taylor <pjt47@cam.ac.uk>
CC: HTML WG <public-html@w3.org>

Philip Taylor wrote:
>   "Arguments other than the type must be ignored, and must not cause the 
> user agent to raise an exception (as would normally occur if a method 
> was called with the wrong number of arguments). A future version of this 
> specification will probably allow extra parameters to be passed to 
> toDataURL() to allow authors to more carefully control compression 
> settings, image metadata, etc."
> Firefox 2/3 violates the spec 
> (https://bugzilla.mozilla.org/show_bug.cgi?id=401795) and throws a 
> security exception when there's an extra argument to toDataURL

Actually, it allows passing in options to control PNG encoding (exactly 
as described above), but there has been no security review to see 
whether those options are OK for untrusted content, hence the exception 
if the caller doesn't have certain privileges.

It's not clear to me how UAs can experiment with allowing various 
options here without running afoul of the spec, to be honest, since 
anything you do is likely to conflict with future to-be-specified behavior.

If we're going to have an extensibility mechanism here, it seems like it 
would be nice if it could be used for extensibility....

Received on Saturday, 26 July 2008 02:30:54 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:34 UTC