- From: Oliver Hunt <oliver@apple.com>
- Date: Sun, 13 Jan 2008 05:13:52 -0800
On Jan 13, 2008, at 4:57 AM, Philip Taylor wrote:

> On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
>> Writing to a canvas from a different origin isn't considered a threat,
>> the problem is evil.example.com reading data from the canvas after
>> naive.example.com has put private/confidential information into the
>> canvas.
>
> In that case, evil.example.com shouldn't be allowed to read anything
> (pixel data or context state) from the canvas after naive.example.com
> has done anything at all to it (e.g. calling fillRect, or setting
> fillStyle, etc), because otherwise some potentially-private
> information will be leaked. (putImageData can be emulated using
> fillRect, so it wouldn't make much sense to have different security
> restrictions depending on which equivalent mechanism you use.)
>
> Don't the normal same-origin restrictions already prevent
> naive.example.com and evil.example.com accessing the same canvas
> element, in the same way as (I assume) they prevent evil.example.com
> accessing an <input type=password>.value from a naive.example.com
> document?

I did wonder about why other origins could read anything myself, so you're not alone -- it just seemed especially odd to allow images to be written safely but not ImageData.

I'm as yet unsure whether a separate origin should be able to write -- I have nothing to back this up with but it seems that you could potentially write to a canvas from a separate domain to make the canvas look like something it wasn't -- but I'm not familiar enough with the other origin related policies in html5 to be able to say anything meaningful. I only noticed this as I was looking at the ImageData portion of the spec just now :D

I assume there was a reason that reading from the canvas from another origin is ever allowed, but I can't think of what it might be -- any thoughts/recollections from others would be well received :D

--Oliver

> --
> Philip Taylor
> excors at gmail.com
Received on Sunday, 13 January 2008 05:13:52 UTC