- From: Mathieu HENRI <p01@opera.com>
- Date: Fri, 18 Jan 2008 11:55:16 +0100
Anne van Kesteren wrote: > On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <oliver at apple.com> wrote: >> I did wonder about why other origins could read anything myself, so >> you're not alone -- it just seemed especially odd to allow images to >> be written safely but not ImageData. > > ImageData is always safe as you create it yourself. To clarify this very point: An ImageData is always safe because: * getImageData(...) must throw a Security Violation exception when called on a tainted Canvas. * it is created manually, and other same origin policies prevent information leak in to it. -- Mathieu 'p01' HENRI JavaScript developer, Opera Software ASA
Received on Friday, 18 January 2008 02:55:16 UTC