[whatwg] Canvas and drawWindow

On Mon, Mar 14, 2011 at 8:05 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
> On Sat, Mar 12, 2011 at 5:56 AM, Tab Atkins Jr. <jackalmage at gmail.com> wrote:
>
>> I think we should be closing the <svg>/<foreignObject> hole, not
>> expanding it as the primary way to smuggle in drawWindow
>> functionality. ^_^
>
> I actually think svg image + foreignobject is an OK way to smuggle in the
> functionality of rendering HTML fragments to a canvas :-). In Gecko, to
> solve various security problems we've made SVG images be a very restrictive
> browsing context, which can't for example load any subresource other than
> data: URIs. The elements of an SVG image also can't receive input events.
> Those measures alone neutralize a lot of the problems with drawWindow.
> Unlike IFRAMEs, pages can't reach into the DOM of SVG images to get around
> those restrictions. We can make SVG image documents never honor :visited
> selectors.

That's roughly how SVG images work in WebKit as well.  SVG images are
rendered with a fake set of clients (i.e., delegates) that prevent the
SVG image from talking to much of the rest of the browser.

Adam

Received on Monday, 14 March 2011 22:56:37 UTC