W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] [CORS] WebKit tainting image instead of throwing error

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 04 Oct 2011 14:50:30 -0400
Message-ID: <4E8B5576.3070605@mit.edu>
On 10/4/11 2:32 PM, Odin H?rthe Omdal wrote:
> WebKit, on the other hand, only taints the image and loads it anyway,
> breaking the spec.

File a bug on them please?  The idea of CORS is that CORS-using requests 
stop making the harmful distinction between ability to embed and ability 
to read.  That's why CORS had to be opt-in for images.  If WebKit is not 
implenenting this properly, they just need to fix their code...

And in particular an <img crossorigin> that's in the DOM and fails the 
CORS checks should not render the image on the page.  Anything else is 
just broken.

-Boris
Received on Tuesday, 4 October 2011 11:50:30 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC