- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Mon, 05 Jan 2015 13:06:12 -0500
- To: public-webappsec@w3.org
On 1/5/15 12:39 PM, Martin Thomson wrote: > Isn't it also the case that cross-origin images like that are > inaccessible to script? That depends on whether the loading page has the "crossorigin" attribute on the image and whether the server sends the appropriate CORS headers. If both those things are done, the page can get access to the image data from script. -Boris
Received on Monday, 5 January 2015 18:06:40 UTC