- From: Charles Pritchard <chuck@jumis.com>
- Date: Thu, 22 Apr 2010 17:05:50 -0700
On 4/20/10 7:18 AM, Charles Pritchard wrote: >>/ Proposed method: />>/ CanvasRenderingContext2D />/> resetOriginClean />/> throws SECURITY_ERR exception />>/ />/> When resetOriginClean is executed, an implementation shall request elevated />/> privileges, and if granted, set the origin-clean flag of the canvas />/> element to true. /> > Mozilla almost certainly not be willing to implement such a method. > -Boris Well... as that idea has been torpedoed, what/where is current work being done to unify privilege escalation? ... Boris, you haven't provided me with any reasoning/room to address the issue. In general use resetOriginClean would just throw a security error. It'd only prompt the user for permissions in the same cases that enablePrivilege does. I'm not looking to change nor circumvent the Mozilla browser security model, I'm just trying to standardize the really awkward experience a trusted application has to go through to grab permitted image data. None of that is mentioned in the proposal, elevation is out of spec. Most of the time, resetOriginClean would just return a security error, and not prompt the user for anything. .... Use Case: The following gets me a clean ImageData object which I still need to copy into a Canvas context (likely taking another chunk of RAM). var resetOriginClean = function(o) { var dirty = document.createElement('canvas'); dirty.width = o.width; dirty.height = o.height; (dirty = dirty.getContext('2d')).drawImage(o,0,0); var data; try { try { data = dirty.getImageData(0,0,o.width,o.height); } catch(e) { netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); data = dirty.getImageData(0,0,o.width,o.height); netscape.security.PrivilegeManager.revertPrivilege("UniversalBrowserRead"); } } catch(e) { throw "Could not access file for reading. "+e; data = null; } return data; }
Received on Thursday, 22 April 2010 17:05:50 UTC