- From: Erik Möller <emoller@opera.com>
- Date: Fri, 11 Mar 2011 17:35:33 +0100
I bet this has been discussed before, but I'm curious as to what people think about breathing some life into a more general version of Mozillas canvas.drawWindow() that draws a snapshot of a DOM window into the canvas? https://developer.mozilla.org/en/drawing_graphics_with_canvas#section_9 I know there are some security considerations (for example listed in the source of drawWindow): // We can't allow web apps to call this until we fix at least the // following potential security issues: // -- rendering cross-domain IFRAMEs and then extracting the results // -- rendering the user's theme and then extracting the results // -- rendering native anonymous content (e.g., file input paths; // scrollbars should be allowed) I'm no security expert, but it seems to me there's an easy way to at least cater for some of the use-cases by always setting origin-clean to false when you use drawWindow(). Sure it's a bit overkill to always mark it dirty, but it's simple and would block you from reading any of the pixels back which would address most (all?) of the security concerns. I'm doing a WebGL demo, so the use-case I have for this would be to render a same-origin page to a canvas and smack that on a monitor in the 3d-world. Intercept mouse clicks, transform them into 2d and passing them on would of course be neat as well and probably opens up the use-cases you could dream up. So, I'm well aware its a tad unconventional, but perhaps someone has a better idea of how something like this could be accomplished... i.e. via SVG and foreignObject or punching a hole in the canvas and applying a transform etc. I'd like to hear your thoughts. -- Erik M?ller Core Developer Opera Software
Received on Friday, 11 March 2011 08:35:33 UTC