[whatwg] Canvas and drawWindow

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 14 Mar 2011 22:56:37 -0700
Message-ID: <AANLkTikG-+3pssnsy2fsUfF_3ySqdgvOZbz3ZRMgwqDw@mail.gmail.com>
On Mon, Mar 14, 2011 at 8:05 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
> On Sat, Mar 12, 2011 at 5:56 AM, Tab Atkins Jr. <jackalmage at gmail.com> wrote:
>
>> I think we should be closing the <svg>/<foreignObject> hole, not
>> expanding it as the primary way to smuggle in drawWindow
>> functionality. ^_^
>
> I actually think svg image + foreignobject is an OK way to smuggle in the
> functionality of rendering HTML fragments to a canvas :-). In Gecko, to
> solve various security problems we've made SVG images be a very restrictive
> browsing context, which can't for example load any subresource other than
> data: URIs. The elements of an SVG image also can't receive input events.
> Those measures alone neutralize a lot of the problems with drawWindow.
> Unlike IFRAMEs, pages can't reach into the DOM of SVG images to get around
> those restrictions. We can make SVG image documents never honor :visited
> selectors.

That's roughly how SVG images work in WebKit as well.  SVG images are
rendered with a fake set of clients (i.e., delegates) that prevent the
SVG image from talking to much of the rest of the browser.

Adam
Received on Monday, 14 March 2011 22:56:37 UTC
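
Added example, not part of the original message and not Gecko or WebKit code: a sketch of the SVG image + `<foreignObject>` route discussed in the thread, with a coarse pre-check for references that the restriction Robert describes (no subresource other than data: URIs) would leave unloaded. The function names `wrapInSvgImage`, `externalRefs` and `drawFragment` are hypothetical, and the scan is a text heuristic, not an XML parser.

```javascript
// Wrap a well-formed XHTML fragment in an SVG <foreignObject> and return the
// whole image as a data: URI that can be assigned to img.src.
function wrapInSvgImage(xhtmlFragment, width, height) {
  const svg =
    `<svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}">` +
    `<foreignObject width="100%" height="100%">` +
    `<div xmlns="http://www.w3.org/1999/xhtml">${xhtmlFragment}</div>` +
    `</foreignObject></svg>`;
  return 'data:image/svg+xml;charset=utf-8,' + encodeURIComponent(svg);
}

// List resource references in the markup that are not data: URIs. Under the
// restriction described in the thread these would not load inside an SVG image.
// Hyperlinks (<a href>) are skipped: they are navigation, not subresources.
function externalRefs(markup) {
  const refs = [];
  const consider = (raw) => {
    const url = raw.trim();
    if (url && !/^data:/i.test(url) && !url.startsWith('#')) refs.push(url);
  };
  for (const tag of markup.matchAll(/<([a-z][\w:-]*)\b([^>]*)>/gi)) {
    const isAnchor = tag[1].toLowerCase() === 'a';
    for (const a of tag[2].matchAll(/(?:^|\s)([\w:-]+)\s*=\s*(["'])(.*?)\2/g)) {
      const name = a[1].toLowerCase();
      if (name === 'src' || name === 'poster') consider(a[3]);
      if ((name === 'href' || name === 'xlink:href') && !isAnchor) consider(a[3]);
    }
  }
  // CSS url(...) references in style attributes or <style> blocks.
  for (const m of markup.matchAll(/url\(\s*(["']?)(.*?)\1\s*\)/gi)) consider(m[2]);
  return refs;
}

// Browser only: load the SVG as an image and paint it onto a 2D canvas context.
function drawFragment(ctx, xhtmlFragment, width, height) {
  return new Promise((resolve, reject) => {
    const img = new Image();
    img.onload = () => { ctx.drawImage(img, 0, 0); resolve(); };
    img.onerror = reject;
    img.src = wrapInSvgImage(xhtmlFragment, width, height);
  });
}
```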