- From: Charles Pritchard <chuck@jumis.com>
- Date: Thu, 29 Jul 2010 15:44:53 -0700
On 7/29/2010 3:37 PM, Ian Hickson wrote:
> On Tue, 20 Apr 2010, Charles Pritchard wrote:
>
>> There does not seem to be a standard method of requesting elevated
>> permissions where local file access or cross-domain file access is
>> required.
>>
> Requesting permissions from whom? The user is not in any place to make
> educated decisions about such things, the user agent can't know what's
> secure ahead of time, and the author can't be trusted. That doesn't leave
> many people. :-)
>

At the time, I was looking for a usable method of providing the user the option to paste the URL of an image resource, and load it for manipulation with Canvas.

This led to further discussion, bringing up the fact that CORS has not really been implemented for use with Canvas, via drawImage.

I then realized that my best route of implementation is an XMLHttpRequest, followed by base64 encoding, then loading that data through the <img> tag.

Unfortunately, base64 encoding of binary is really terrible in Firefox; btoa/atob functions seem to be written without much enthusiasm for large strings.

We'd want to use XMLHttpRequest anyway, so that we can store the original image data in offline storage. Otherwise, by grabbing the image data from a canvas tag, we end up with a large png file, when we could be saving the original jpg image.

Again, this circles around issues with Blob handling, more than it does with security, as XMLHttpRequest does support CORS, and is still our only widely implemented method of dealing with streams.

>> Currently, one must create a duplicate origin-clean Canvas element to
>> copy image data from a dirty element after privilege escalation.
>>
> What is "privilege escalation"?
>

In this case, a user giving the script permission to clear the origin-clean flag.
>> Proposed method:
>> CanvasRenderingContext2D
>> resetOriginClean
>> throws SECURITY_ERR exception
>>
>> When resetOriginClean is executed, an implementation shall request
>> elevated privileges, and if granted, set the origin-clean flag of the
>> canvas element to true.
>>
> What's the use case?
>

There are some warnings in browsers for other security items:
"This HTTPS Certificate is not valid, Continue / Cancel"

It does set a precedent for prompts like:
"This domain kitties4life.com is trying to access an image from flickr.com, Continue / Cancel".

But, as I've said, using CORS is a far better alternative; and using XMLHttpRequest isn't completely absurd, provided there were a clean route for managing the data.

> On Fri, 23 Apr 2010, Charles Pritchard wrote:
>
>> Has there been progress on enabling Canvas origin-clean with
>> Cross-Origin Resource Sharing?
>>
> The plan is to start using CORS once it's well-established in XHR2.
Received on Thursday, 29 July 2010 15:44:53 UTC
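
The route described in the message (XMLHttpRequest, then base64 encoding, then an <img> element), sketched as an added example that is not part of the original message or of any browser's code. It assumes present-day browser APIs (`responseType = "arraybuffer"`, `Uint8Array`, `btoa`), and all function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not from the original message.

// Identify the format from its magic bytes so the original bytes (e.g. a JPEG)
// are kept under the right MIME type instead of being re-encoded as PNG.
function sniffImageType(bytes) {
  const startsWith = (sig) => sig.every((b, i) => bytes[i] === b);
  if (startsWith([0xff, 0xd8, 0xff])) return "image/jpeg";
  if (startsWith([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])) return "image/png";
  if (startsWith([0x47, 0x49, 0x46, 0x38])) return "image/gif";
  return null; // unknown: refuse rather than guess
}

// Base64-encode in chunks rather than building one huge binary string for btoa.
// The chunk size is a multiple of 3, so only the last chunk can produce '='
// padding and the pieces concatenate into valid base64.
function bytesToBase64(bytes, chunkSize = 3 * 8192) {
  let out = "";
  for (let i = 0; i < bytes.length; i += chunkSize) {
    const chunk = bytes.subarray(i, i + chunkSize);
    out += btoa(String.fromCharCode.apply(null, chunk));
  }
  return out;
}

function bytesToDataUrl(bytes) {
  const type = sniffImageType(bytes);
  if (!type) throw new TypeError("not a recognised image format");
  return "data:" + type + ";base64," + bytesToBase64(bytes);
}

// Browser-only: the request is subject to CORS, so the remote server must opt in.
// onReady receives the decoded <img> plus the original bytes for offline storage.
function loadImageViaXhr(url, onReady, onError) {
  const xhr = new XMLHttpRequest();
  xhr.open("GET", url);
  xhr.responseType = "arraybuffer";
  xhr.onerror = () => onError(new Error("request blocked or failed"));
  xhr.onload = () => {
    if (xhr.status !== 200) return onError(new Error("HTTP " + xhr.status));
    try {
      const bytes = new Uint8Array(xhr.response);
      const img = new Image();
      img.onload = () => onReady(img, bytes);
      img.onerror = () => onError(new Error("image decode failed"));
      img.src = bytesToDataUrl(bytes);
    } catch (e) { onError(e); }
  };
  xhr.send();
}
```
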