W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] [CORS] WebKit tainting image instead of throwing error

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 04 Oct 2011 15:17:29 -0400
Message-ID: <4E8B5BC9.6000002@mit.edu>
On 10/4/11 3:14 PM, Anne van Kesteren wrote:
> On Tue, 04 Oct 2011 21:06:29 +0200, Boris Zbarsky <bzbarsky at mit.edu> wrote:
>> Yes; the point of specifying crossorigin is to opt in to the security
>> model we think the web _should_ have but that we can't roll out across
>> the board. Yet.
>
> Well, what you think it should have is not shared by me.

That's fine.  Then you need a better proposal for the various security 
bugs involved.  I'm all ears.

-Boris
Received on Tuesday, 4 October 2011 12:17:29 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC