- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 12 May 2011 05:58:35 +0000 (UTC)
On Fri, 11 Mar 2011, Erik Möller wrote:
>
> I bet this has been discussed before, but I'm curious as to what people
> think about breathing some life into a more general version of Mozilla's
> canvas.drawWindow() that draws a snapshot of a DOM window into the
> canvas?

This is something that is rife with serious security concerns: exposing history, the potential for cross-origin data leakage, introspecting spelling-checker user dictionaries, inspecting data that is otherwise hidden such as user theme preferences or file input paths... This is not something to undertake lightly.

Even if we found a way to actually determine when to taint a drawn image, we could never allow such data to be uploaded to a server or reused in WebGL (due to the shader timing attacks). And working out when something has any cross-origin pixels is vastly more complicated than it appears. CSS reflections, SVG transforms, fonts, iframes, the CSS 'content' property... the list of possible ways one could taint something is absurdly high.

This is an area where more than ever I think browsers will have to lead by experimentation. If a solid safe solution can be figured out that everyone is willing to implement, meaning one that doesn't involve laundry lists of things to test for or risk a whack-a-mole race, then I'd be happy to specify it.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 11 May 2011 22:58:35 UTC