[whatwg] Minor addition/rewording for canvas section

On Jan 13, 2008, at 4:57 AM, Philip Taylor wrote:

> On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
>> Writing to a canvas from a different origin isn't considered a threat,
>> the problem is evil.example.com reading data from the canvas after
>> naive.example.com has put private/confidential information into the
>> canvas.
>
> In that case, evil.example.com shouldn't be allowed to read anything
> (pixel data or context state) from the canvas after naive.example.com
> has done anything at all to it (e.g. calling fillRect, or setting
> fillStyle, etc), because otherwise some potentially-private
> information will be leaked. (putImageData can be emulated using
> fillRect, so it wouldn't make much sense to have different security
> restrictions depending on which equivalent mechanism you use.)
>
> Don't the normal same-origin restrictions already prevent
> naive.example.com and evil.example.com accessing the same canvas
> element, in the same way as (I assume) they prevent evil.example.com
> accessing an <input type=password>.value from a naive.example.com
> document?

I did wonder about why other origins could read anything myself, so
you're not alone -- it just seemed especially odd to allow images to be
written safely but not ImageData.

I'm as yet unsure whether a separate origin should be able to write --
I have nothing to back this up with but it seems that you could
potentially write to a canvas from a separate domain to make the canvas
look like something it wasn't -- but I'm not familiar enough with the
other origin-related policies in HTML5 to be able to say anything
meaningful.

I only noticed this as I was looking at the ImageData portion of the
spec just now :D

I assume there was a reason that reading from the canvas from another
origin is ever allowed, but I can't think of what it might be -- any
thoughts/recollections from others would be well received :D

--Oliver

>
>
> -- 
> Philip Taylor
> excors at gmail.com

Received on Sunday, 13 January 2008 05:13:52 UTC
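
The point quoted above, that putImageData can be emulated using fillRect, shown as an added example that is not part of the original thread. `putImageDataViaFillRect`, `StubContext` and the sample pixels are constructed for illustration; the stub stands in for a real 2D context so the code runs outside a browser.

```javascript
// Added example: ImageData pixels written using only clearRect/fillRect.
// `ctx` is anything exposing the CanvasRenderingContext2D members used here.
function putImageDataViaFillRect(ctx, imageData, dx, dy) {
  const { width, height, data } = imageData;
  for (let y = 0; y < height; y++) {
    for (let x = 0; x < width; x++) {
      const i = (y * width + x) * 4;
      const [r, g, b, a] = data.slice(i, i + 4);
      // putImageData replaces pixels; fillRect composites, so clear first.
      ctx.clearRect(dx + x, dy + y, 1, 1);
      ctx.fillStyle = `rgba(${r}, ${g}, ${b}, ${a / 255})`;
      ctx.fillRect(dx + x, dy + y, 1, 1);
    }
  }
}

// Constructed stand-in for a 2D context so the sketch runs outside a browser.
class StubContext {
  constructor(width, height) {
    this.width = width;
    this.pixels = new Uint8ClampedArray(width * height * 4);
    this.fillStyle = "rgba(0, 0, 0, 1)";
  }
  clearRect(x, y, w, h) { this.paint(x, y, w, h, [0, 0, 0, 0]); }
  fillRect(x, y, w, h) {
    const [r, g, b, a] = this.fillStyle.match(/[\d.]+/g).map(Number);
    // Onto a cleared (transparent) pixel, source-over yields the source colour.
    this.paint(x, y, w, h, [r, g, b, Math.round(a * 255)]);
  }
  paint(x, y, w, h, rgba) {
    for (let py = y; py < y + h; py++)
      for (let px = x; px < x + w; px++)
        this.pixels.set(rgba, (py * this.width + px) * 4);
  }
  pixelAt(x, y) {
    const i = (y * this.width + x) * 4;
    return Array.from(this.pixels.slice(i, i + 4));
  }
}

// Constructed 2x2 sample: red, half-transparent green, blue, fully transparent.
const sample = {
  width: 2, height: 2,
  data: new Uint8ClampedArray([255, 0, 0, 255, 0, 255, 0, 128,
                               0, 0, 255, 255, 0, 0, 0, 0]),
};
const demoCtx = new StubContext(4, 4);
putImageDataViaFillRect(demoCtx, sample, 1, 1);
```

In a browser the result for partially transparent pixels can differ from putImageData by rounding, because canvas backing stores are commonly premultiplied.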