W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2008

[whatwg] Minor addition/rewording for canvas section

From: Oliver Hunt <oliver@apple.com>
Date: Sun, 13 Jan 2008 04:42:20 -0800
Message-ID: <3885FFD8-ACCE-4C90-95E5-E082FA48DDF0@apple.com>

On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:

> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object {
> width: imgdata.width, height: imgdata.height, data: ...copy each array
> element... } and then draw it, circumventing any origin information
> that the ImageData object might be carrying around, so I'm not sure
> why it's useful to care about the ImageData's origin. (That's unlike
> Image objects where there's no other way of extracting the image
> data.)

Writing to a canvas from a different origin isn't considered a threat,  
the problem is
evil.example.com reading data from the canvas after naive.example.com  
has put
private/confidential information into the canvas.

--Oliver
Received on Sunday, 13 January 2008 04:42:20 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:00 UTC