W3C home > Mailing lists > Public > www-svg@w3.org > March 2013

Re: SVGSVGElement.toDataURL()

From: Daniel Holbert <dholbert@mozilla.com>
Date: Wed, 13 Mar 2013 12:52:28 -0700
Message-ID: <5140D8FC.5000404@mozilla.com>
To: Dirk Schulze <dschulze@adobe.com>, Robert Longson <longsonr@gmail.com>
CC: Klaus Förster <klaus.foerster@uibk.ac.at>, "www-svg@w3.org" <www-svg@w3.org>
On 03/12/2013 09:18 AM, Dirk Schulze wrote:
> On Mar 12, 2013, at 2:02 AM, Robert Longson <longsonr@gmail.com> wrote:
>> Klaus,
>> Once you did such a transfer you can access all the bits of the image
>> and do things like read off the visited state of links. We restrict
>> image elements not to show things like link visited state to prevent
>> such privacy leaks amongst other things. I'd be very wary of
>> implementing SVGSVGElement.toDataURL even if it was added to a
>> specification because of that.
> I don't think that this is true.

Which part of Robert's email are you saying isn't true?

Klaus basically asked [paraphrasing]:
  "You're already rasterizing to the screen when you render
  SVG content, so why can't you just directly expose that as
  a rasterized image to authors via SVGSVGElement.toDataURL?"
and Robert was pointing out that it's not that simple, because there are
privacy implications with directly exposing what we paint on-screen
(which we've addressed via the canvas route).

> In our tests, neither Gecko nor WebKit exposed information like
> visited links to the Canvas, and yet we still mark the Canvas as
> dirty. I think we can get rid of this restriction now.

AFAIK, Gecko shouldn't be marking the canvas as dirty, as of a year ago
-- that should've been fixed here:

If you discovered otherwise, could you file a bug and/or send me a testcase?

Received on Wednesday, 13 March 2013 19:53:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:54:41 UTC