- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 14 Jan 2008 15:01:13 +0100
On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <oliver at apple.com> wrote: > I did wonder about why other origins could read anything myself, so > you're not alone -- it just seemed especially odd to allow images to be > written safely but not ImageData. ImageData is always safe as you create it yourself. The specification should also mention that drawing <img src=data:image/png,...> on the <canvas> is safe so that you can actually roundtrip data through the server. The SVG case here is slightly more complex so maybe it's better to have a definition of a "safe HTMLImageElement". > I'm as yet unsure whether a separate origin should be able to write -- i > have nothing to back this up with but it seems that you could > potentially right to a canvas from a separate domain to make the canvas > look like something it wasn't -- but i'm not familiar enough with the > other origin related policies in html5 to be able to say anything > meaningful. Cross-document messaging only allows passing through strings. > I only noticed this as i was looking at the ImageData portion of the > spec just now :D Would be nice if you guys implemented it :-) > I assume there was a reason that reading from the canvas from another > origin is ever allowed, but I can't think of what it might be -- any > thoughts/recollections from others would be well received :D I don't think this is possible. The security model is pretty simple. HTMLImageElement is either safe or unsafe. HTMLCanvasElement is also either safe (default) or unsafe. CanvasPattern is, again, either safe or unsafe. Once you draw an unsafe HTMLImageElement, HTMLCanvasElement, or CanvasPattern on an HTMLCanvasElement you mark the HTMLCanvasElement as unsafe. The toDataURL() and getImageData() functions throw for an unsafe HTMLCanvasElement. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 14 January 2008 06:01:13 UTC