Re: [whatwg] Support filters in Canvas

From: Markus Stange <mstange@themasta.com>
Date: Mon, 29 Sep 2014 23:33:07 +0200
Message-ID: <CAL2j+_N0YzfSFtj+yo7dRi=A3dj29PQOBdEFReKAabAOFn462Q@mail.gmail.com>
To: Dirk Schulze <dschulze@adobe.com>
Cc: WHAT Working Group <whatwg@whatwg.org>
On Mon, Sep 29, 2014 at 8:09 PM, Dirk Schulze <dschulze@adobe.com> wrote:
> On Sep 29, 2014, at 7:20 PM, Markus Stange <mstange@themasta.com> wrote:
>> - For a <feImage> primitive, if the required image hasn't finished
>> loading at the time of drawing, this <feImage> primitive renders
>> transparent black.
>
> I think there is more than the asynch consideration. CSS does not have a setting for cross origin content. While it is planned, it simply isn’t there yet. That means SVG filters can be loaded from pretty much any origin. I wonder if this should taint the canvas. Have you thought about this?

Good point! I hadn't thought about this. I don't see much point in
disallowing the use of cross-origin filters (who would put sensitive
data inside a filter?), but it certainly would be bad if one could
paint images from a different domain into the canvas using <feImage>
and then read the pixels. So cross-domain feImage loads should
certainly taint the canvas.

Markus
Received on Monday, 29 September 2014 21:33:31 UTC
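
The tainting rule discussed in this message, modelled as an added example (not part of the original message and not any browser's code). The object shapes, function names and example.* URLs are hypothetical; the model covers http(s) URLs only and assumes an feImage that has not loaded contributes no pixels and so leaves the flag alone.

```javascript
// Model of a canvas "origin-clean" flag under the rule proposed in the thread:
// a cross-origin filter alone does not taint, a cross-origin feImage load does.
function newCanvas(documentUrl) {
  return { documentUrl, originClean: true };
}

// filter: { url, primitives: [{ type, href, loaded }] }  (constructed shape)
function drawWithFilter(canvas, filter) {
  const docOrigin = new URL(canvas.documentUrl).origin;
  const filterUrl = new URL(filter.url, canvas.documentUrl);
  const outcome = [];
  for (const prim of filter.primitives) {
    if (prim.type !== 'feImage') continue; // only feImage pulls in image pixels
    // A relative href resolves against the document that holds the filter,
    // so inside a cross-origin filter it points at the filter's origin.
    const imageUrl = new URL(prim.href, filterUrl);
    if (!prim.loaded) {
      // Quoted proposal: an unfinished load renders transparent black.
      outcome.push({ href: imageUrl.href, result: 'transparent-black' });
      continue;
    }
    const crossOrigin = imageUrl.origin !== docOrigin;
    if (crossOrigin) canvas.originClean = false; // sticky: never reset to true
    outcome.push({ href: imageUrl.href, result: crossOrigin ? 'tainted' : 'clean' });
  }
  return outcome;
}

// Stand-in for getImageData()/toDataURL(): refuses once the flag is cleared.
function readPixels(canvas) {
  if (!canvas.originClean) throw new Error('SecurityError: canvas is tainted');
  return 'pixel data';
}

// Constructed scenario: page on app.example, filter file served by cdn.example.
function demo() {
  const canvas = newCanvas('https://app.example/editor.html');
  const blurOnly = { url: 'https://cdn.example/fx.svg#blur',
                     primitives: [{ type: 'feGaussianBlur' }] };
  const stamp = { url: 'https://cdn.example/fx.svg#stamp',
                  primitives: [{ type: 'feImage', href: 'photo.png', loaded: true }] };
  drawWithFilter(canvas, blurOnly);
  const cleanAfterBlur = canvas.originClean;
  const stampOutcome = drawWithFilter(canvas, stamp);
  return { cleanAfterBlur, stampOutcome, cleanAfterStamp: canvas.originClean };
}
```

The relative `photo.png` case is the one a same-origin check on the filter URL alone would miss: the image is same-origin with the filter file but cross-origin with the canvas's document.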
