W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2010

[whatwg] Canvas 2D Context Proposal: resetOriginClean

From: Jonas Sicking <jonas@sicking.cc>
Date: Sat, 24 Apr 2010 09:45:33 -0700
Message-ID: <t2r63df84f1004240945r63d194d9m71c4b235b22c13a1@mail.gmail.com>
On Fri, Apr 23, 2010 at 5:56 PM, Anne van Kesteren <annevk at opera.com> wrote:
> On Sat, 24 Apr 2010 04:04:57 +0900, Jonas Sicking <jonas at sicking.cc> wrote:
>>
>> This would require changes to both HTML and to CORS, but not too bad.
>> And the result is significantly better as it doesn't require the user
>> to get involved and decide what's safe and what's not.
>
> What changes to CORS would be required? It is designed to make this "just
> work" so if anything is wrong I'd like to know. Specifically the "resource
> sharing check" is what HTML would use here.

Ah, I see that CORS doesn't require the network connection to be
aborted even when the "cross-origin request status" reaches "network
error". So it does indeed seem like all that's needed is for HTML to
say that CORS should be used while fetching the image, and that if the
resulting "cross-origin request status" is "success", then tainting
doesn't happen when said image is drawn into a canvas.

/ Jonas
Received on Saturday, 24 April 2010 09:45:33 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:22 UTC