
[whatwg] Minor addition/rewording for canvas section

From: Philip Taylor <excors+whatwg@gmail.com>
Date: Sun, 13 Jan 2008 12:57:09 +0000
Message-ID: <ea09c0d10801130457u2c10f505i84796e03b188ed44@mail.gmail.com>

On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
> Writing to a canvas from a different origin isn't considered a threat,
> the problem is evil.example.com reading data from the canvas after
> naive.example.com has put private/confidential information into the
> canvas.

In that case, evil.example.com shouldn't be allowed to read anything
(pixel data or context state) from the canvas after naive.example.com
has done anything at all to it (e.g. calling fillRect, or setting
fillStyle, etc), because otherwise some potentially-private
information will be leaked. (putImageData can be emulated using
fillRect, so it wouldn't make much sense to have different security
restrictions depending on which equivalent mechanism you use.)

Don't the normal same-origin restrictions already prevent
naive.example.com and evil.example.com accessing the same canvas
element, in the same way as (I assume) they prevent evil.example.com
accessing an <input type=password>.value from a naive.example.com
document?

-- 
Philip Taylor
excors at gmail.com
Received on Sunday, 13 January 2008 04:57:09 UTC
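
The following is an added example, not part of the original message: it illustrates the remark that putImageData can be emulated using fillRect, which is why a restriction tied to one write API would not hold. `ModelContext` is a hypothetical stand-in for a 2D context (a plain RGBA buffer, with `fill` in place of fillStyle) so the comparison runs under Node, and the sample image is constructed.

```javascript
// Hypothetical model of a 2D context: non-premultiplied RGBA bytes, `fill` = fillStyle.
class ModelContext {
  constructor(width, height, background) {
    Object.assign(this, { width, height, fill: background });
    this.pixels = new Uint8ClampedArray(width * height * 4);
    this.fillRect(0, 0, width, height); // start from the given background colour
  }
  offset(x, y) { return (y * this.width + x) * 4; }
  eachPixel(x, y, w, h, fn) {
    for (let py = y; py < y + h; py++)
      for (let px = x; px < x + w; px++) fn(this.offset(px, py));
  }
  clearRect(x, y, w, h) { this.eachPixel(x, y, w, h, (i) => this.pixels.fill(0, i, i + 4)); }
  fillRect(x, y, w, h) { // source-over compositing, as a default-state fillRect does
    const [r, g, b, a] = this.fill, sa = a / 255;
    this.eachPixel(x, y, w, h, (i) => {
      const da = this.pixels[i + 3] / 255, oa = sa + da * (1 - sa);
      [r, g, b].forEach((c, k) => {
        this.pixels[i + k] = oa ? (c * sa + this.pixels[i + k] * da * (1 - sa)) / oa : 0;
      });
      this.pixels[i + 3] = oa * 255;
    });
  }
  putImageData(img, dx, dy) { // overwrites the target pixels, no compositing
    for (let o = 0; o < img.data.length; o += 4) {
      const x = (o / 4) % img.width, y = Math.floor(o / 4 / img.width);
      this.pixels.set(img.data.subarray(o, o + 4), this.offset(dx + x, dy + y));
    }
  }
}

// The emulation: clear each target pixel first (fillRect blends, putImageData
// overwrites), then fill that single pixel with the image pixel's colour.
function putImageDataViaFillRect(ctx, img, dx, dy) {
  for (let o = 0; o < img.data.length; o += 4) {
    const x = dx + (o / 4) % img.width, y = dy + Math.floor(o / 4 / img.width);
    ctx.fill = Array.from(img.data.subarray(o, o + 4));
    ctx.clearRect(x, y, 1, 1);
    ctx.fillRect(x, y, 1, 1);
  }
}

// Constructed sample: a 2x2 image with two translucent pixels over an opaque red canvas.
function compare() {
  const img = { width: 2, height: 2, data: Uint8ClampedArray.from(
    [0, 0, 255, 255, 0, 255, 0, 128, 10, 20, 30, 255, 255, 255, 255, 64]) };
  const [direct, emulated] = [0, 1].map(() => new ModelContext(4, 4, [255, 0, 0, 255]));
  direct.putImageData(img, 1, 1);
  putImageDataViaFillRect(emulated, img, 1, 1);
  return { direct: Array.from(direct.pixels), emulated: Array.from(emulated.pixels) };
}
```

Both paths leave identical pixel buffers, so any read restriction has to follow the canvas contents rather than the call that wrote them.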
