- From: Oliver Hunt <oliver@apple.com>
- Date: Sun, 13 Jan 2008 04:42:20 -0800
On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:
> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object {
> width: imgdata.width, height: imgdata.height, data: ...copy each array
> element... } and then draw it, circumventing any origin information
> that the ImageData object might be carrying around, so I'm not sure
> why it's useful to care about the ImageData's origin. (That's unlike
> Image objects where there's no other way of extracting the image
> data.)
Writing to a canvas from a different origin isn't considered a threat,
the problem is
evil.example.com reading data from the canvas after naive.example.com
has put
private/confidential information into the canvas.
--Oliver
Received on Sunday, 13 January 2008 04:42:20 UTC