- From: Daniel Holbert <dholbert@mozilla.com>
- Date: Wed, 13 Mar 2013 12:52:28 -0700
- To: Dirk Schulze <dschulze@adobe.com>, Robert Longson <longsonr@gmail.com>
- CC: Klaus Förster <klaus.foerster@uibk.ac.at>, "www-svg@w3.org" <www-svg@w3.org>
On 03/12/2013 09:18 AM, Dirk Schulze wrote:
>
> On Mar 12, 2013, at 2:02 AM, Robert Longson <longsonr@gmail.com> wrote:
>
>> Klaus,
>>
>> Once you did such a transfer you can access all the bits of the image
>> and do things like read off the visited state of links. We restrict
>> image elements not to show things like link visited state to prevent
>> such privacy leaks amongst other things. I'd be very wary of
>> implementing SVGSVGElement.toDataURL even if it was added to a
>> specification because of that.
>
> I don't think that this is true.

Which part of Robert's email are you saying isn't true?

Klaus basically asked [paraphrasing]: "You're already rasterizing to the screen when you render SVG content, so why can't you just directly expose that as a rasterized image to authors via SVGSVGElement.toDataURL?" and Robert was pointing out that it's not that simple, because there are privacy implications with directly exposing what we paint on-screen (which we've addressed via the canvas route).

> In our tests, neither Gecko nor WebKit exposed information like
> visited links to the Canvas, and yet we still mark the Canvas as
> dirty. I think we can get rid of this restriction now.

AFAIK, Gecko shouldn't be marking the canvas as dirty, as of a year ago -- that should've been fixed here:
https://bugzilla.mozilla.org/show_bug.cgi?id=672013

If you discovered otherwise, could you file a bug and/or send me a testcase?

~Daniel
Received on Wednesday, 13 March 2013 19:53:02 UTC