[html5] r6879 - [giow] (1) Make sure canvas.toBlob() honours the origin-clean flag. Also, make i [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jan 6 12:46:25 PST 2012
Author: ianh
Date: 2012-01-06 12:46:22 -0800 (Fri, 06 Jan 2012)
New Revision: 6879
Modified:
complete.html
index
source
Log:
[giow] (1) Make sure canvas.toBlob() honours the origin-clean flag. Also, make it more likely this will be implemented correctly by explicitly putting the security checks in the relevant algorithms.
Affected topics: Canvas, DOM APIs, HTML, Security
Modified: complete.html
===================================================================
--- complete.html 2011-12-16 23:24:03 UTC (rev 6878)
+++ complete.html 2012-01-06 20:46:22 UTC (rev 6879)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 16 December 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 6 January 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -34403,7 +34403,12 @@
<p>The <dfn id=dom-canvas-todataurl title=dom-canvas-toDataURL><code>toDataURL()</code></dfn> method
must run the following steps:</p>
- <ol><li><p>If the canvas has no pixels (i.e. either its horizontal
+ <ol><!--ADD-TOPIC:Security--><li><p>If the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
+ <li><p>If the canvas has no pixels (i.e. either its horizontal
dimension or its vertical dimension is zero) then return the string
"<code title="">data:,</code>" and abort these steps. (This is the
shortest <a href=#data-protocol title="data protocol"><code title="">data:</code>
@@ -34422,7 +34427,12 @@
</ol><p>The <dfn id=dom-canvas-toblob title=dom-canvas-toBlob><code>toBlob()</code></dfn> method
must run the following steps:</p>
- <ol><li><p>Let <var title="">callback</var> be the first
+ <ol><!--ADD-TOPIC:Security--><li><p>If the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
+ <li><p>Let <var title="">callback</var> be the first
argument.</li>
<li><p>Let <var title="">arguments</var> be the second and
@@ -36871,9 +36881,20 @@
of the inline element set to 'pre' and the 'font' property of the
inline element set to the current font of the context as given by
the <code title=dom-context-2d-font><a href=#dom-context-2d-font>font</a></code> attribute, and
- must then return a new <code><a href=#textmetrics>TextMetrics</a></code> object with its
+ must then create a new <code><a href=#textmetrics>TextMetrics</a></code> object with its
<code title=dom-textmetrics-width><a href=#dom-textmetrics-width>width</a></code> attribute set to
- the width of that inline box, in CSS pixels. <a href=#refsCSS>[CSS]</a></p>
+ the width of that inline box, in CSS pixels.
+<!--ADD-TOPIC:Security-->
+ If doing these measurements requires using a font that has an
+ <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
+ origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
+ owns the <code><a href=#the-canvas-element>canvas</a></code> element (even if "using a font" means
+ just checking if that font has a particular glyph in it before
+ falling back to another font), then the method must throw a
+ <code><a href=#securityerror>SecurityError</a></code> exception.
+<!--REMOVE-TOPIC:Security-->
+ Otherwise, it must return the new <code><a href=#textmetrics>TextMetrics</a></code> object.
+ <a href=#refsCSS>[CSS]</a></p>
<p>The <code><a href=#textmetrics>TextMetrics</a></code> interface is used for the objects
returned from <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code>. It has one
@@ -37132,14 +37153,18 @@
with transparent black.</p>
<p>The <dfn id=dom-context-2d-getimagedata title=dom-context-2d-getImageData><code>getImageData(<var title="">sx</var>, <var title="">sy</var>, <var title="">sw</var>,
- <var title="">sh</var>)</code></dfn> method must return an
- <code><a href=#imagedata>ImageData</a></code> object representing the underlying pixel data
- for the area of the canvas denoted by the rectangle whose corners are
- the four points (<var title="">sx</var>, <var title="">sy</var>),
- (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), in canvas
- coordinate space units. Pixels outside the canvas must be returned
- as transparent black. Pixels must be returned as non-premultiplied
- alpha values.</p>
+ <var title="">sh</var>)</code></dfn> method must,
+<!--ADD-TOPIC:Security-->
+ if the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i> flag is set
+ to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception; otherwise, it
+<!--REMOVE-TOPIC:Security-->
+ must return an <code><a href=#imagedata>ImageData</a></code> object representing the
+ underlying pixel data for the area of the canvas denoted by the
+ rectangle whose corners are the four points (<var title="">sx</var>,
+ <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>),
+ (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), in canvas coordinate space units. Pixels
+ outside the canvas must be returned as transparent black. Pixels
+ must be returned as non-premultiplied alpha values.</p>
<p>If any of the arguments to <code title=dom-context-2d-createImageData><a href=#dom-context-2d-createimagedata>createImageData()</a></code> or
<code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code>
@@ -37631,24 +37656,10 @@
whether or not a particular glyph is in the font in the first
place. -->
- </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
- <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
- false is called, the method must throw a <code><a href=#securityerror>SecurityError</a></code>
- exception.</p>
+ </ul><p>The <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code>, <code title=dom-canvas-toBlob><a href=#dom-canvas-toblob>toBlob()</a></code>, and <code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code> methods
+ check the flag and will throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ rather than leak cross-origin data.</p>
- <p>Whenever the <code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code> method of
- the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element whose
- <i>origin-clean</i> flag is set to false is called with otherwise
- correct arguments, the method must throw a <code><a href=#securityerror>SecurityError</a></code>
- exception.</p>
-
- <p>Whenever the <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code> method of
- the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element ends up using a font
- that has an <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
- origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
- owns the <code><a href=#the-canvas-element>canvas</a></code> element, the method must throw a
- <code><a href=#securityerror>SecurityError</a></code> exception.</p>
-
<p class=note>Even resetting the canvas state by changing its
<code title=attr-canvas-width><a href=#attr-canvas-width>width</a></code> or <code title=attr-canvas-height><a href=#attr-canvas-height>height</a></code> attributes doesn't reset
the <i>origin-clean</i> flag.</p>
@@ -98196,6 +98207,7 @@
Nicolas Gallagher,
Noah Mendelsohn,
Noah Slater,
+ Noel Gordon,
NoozNooz42,
Ojan Vafai,
Olaf Hoffmann,
Modified: index
===================================================================
--- index 2011-12-16 23:24:03 UTC (rev 6878)
+++ index 2012-01-06 20:46:22 UTC (rev 6879)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 16 December 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 6 January 2012</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -34403,7 +34403,12 @@
<p>The <dfn id=dom-canvas-todataurl title=dom-canvas-toDataURL><code>toDataURL()</code></dfn> method
must run the following steps:</p>
- <ol><li><p>If the canvas has no pixels (i.e. either its horizontal
+ <ol><!--ADD-TOPIC:Security--><li><p>If the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
+ <li><p>If the canvas has no pixels (i.e. either its horizontal
dimension or its vertical dimension is zero) then return the string
"<code title="">data:,</code>" and abort these steps. (This is the
shortest <a href=#data-protocol title="data protocol"><code title="">data:</code>
@@ -34422,7 +34427,12 @@
</ol><p>The <dfn id=dom-canvas-toblob title=dom-canvas-toBlob><code>toBlob()</code></dfn> method
must run the following steps:</p>
- <ol><li><p>Let <var title="">callback</var> be the first
+ <ol><!--ADD-TOPIC:Security--><li><p>If the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
+ <li><p>Let <var title="">callback</var> be the first
argument.</li>
<li><p>Let <var title="">arguments</var> be the second and
@@ -36871,9 +36881,20 @@
of the inline element set to 'pre' and the 'font' property of the
inline element set to the current font of the context as given by
the <code title=dom-context-2d-font><a href=#dom-context-2d-font>font</a></code> attribute, and
- must then return a new <code><a href=#textmetrics>TextMetrics</a></code> object with its
+ must then create a new <code><a href=#textmetrics>TextMetrics</a></code> object with its
<code title=dom-textmetrics-width><a href=#dom-textmetrics-width>width</a></code> attribute set to
- the width of that inline box, in CSS pixels. <a href=#refsCSS>[CSS]</a></p>
+ the width of that inline box, in CSS pixels.
+<!--ADD-TOPIC:Security-->
+ If doing these measurements requires using a font that has an
+ <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
+ origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
+ owns the <code><a href=#the-canvas-element>canvas</a></code> element (even if "using a font" means
+ just checking if that font has a particular glyph in it before
+ falling back to another font), then the method must throw a
+ <code><a href=#securityerror>SecurityError</a></code> exception.
+<!--REMOVE-TOPIC:Security-->
+ Otherwise, it must return the new <code><a href=#textmetrics>TextMetrics</a></code> object.
+ <a href=#refsCSS>[CSS]</a></p>
<p>The <code><a href=#textmetrics>TextMetrics</a></code> interface is used for the objects
returned from <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code>. It has one
@@ -37132,14 +37153,18 @@
with transparent black.</p>
<p>The <dfn id=dom-context-2d-getimagedata title=dom-context-2d-getImageData><code>getImageData(<var title="">sx</var>, <var title="">sy</var>, <var title="">sw</var>,
- <var title="">sh</var>)</code></dfn> method must return an
- <code><a href=#imagedata>ImageData</a></code> object representing the underlying pixel data
- for the area of the canvas denoted by the rectangle whose corners are
- the four points (<var title="">sx</var>, <var title="">sy</var>),
- (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), in canvas
- coordinate space units. Pixels outside the canvas must be returned
- as transparent black. Pixels must be returned as non-premultiplied
- alpha values.</p>
+ <var title="">sh</var>)</code></dfn> method must,
+<!--ADD-TOPIC:Security-->
+ if the <code><a href=#the-canvas-element>canvas</a></code> element's <i>origin-clean</i> flag is set
+ to false, throw a <code><a href=#securityerror>SecurityError</a></code> exception; otherwise, it
+<!--REMOVE-TOPIC:Security-->
+ must return an <code><a href=#imagedata>ImageData</a></code> object representing the
+ underlying pixel data for the area of the canvas denoted by the
+ rectangle whose corners are the four points (<var title="">sx</var>,
+ <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>),
+ (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var title="">sh</var></span>), in canvas coordinate space units. Pixels
+ outside the canvas must be returned as transparent black. Pixels
+ must be returned as non-premultiplied alpha values.</p>
<p>If any of the arguments to <code title=dom-context-2d-createImageData><a href=#dom-context-2d-createimagedata>createImageData()</a></code> or
<code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code>
@@ -37631,24 +37656,10 @@
whether or not a particular glyph is in the font in the first
place. -->
- </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
- <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
- false is called, the method must throw a <code><a href=#securityerror>SecurityError</a></code>
- exception.</p>
+ </ul><p>The <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code>, <code title=dom-canvas-toBlob><a href=#dom-canvas-toblob>toBlob()</a></code>, and <code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code> methods
+ check the flag and will throw a <code><a href=#securityerror>SecurityError</a></code> exception
+ rather than leak cross-origin data.</p>
- <p>Whenever the <code title=dom-context-2d-getImageData><a href=#dom-context-2d-getimagedata>getImageData()</a></code> method of
- the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element whose
- <i>origin-clean</i> flag is set to false is called with otherwise
- correct arguments, the method must throw a <code><a href=#securityerror>SecurityError</a></code>
- exception.</p>
-
- <p>Whenever the <code title=dom-context-2d-measureText><a href=#dom-context-2d-measuretext>measureText()</a></code> method of
- the 2D context of a <code><a href=#the-canvas-element>canvas</a></code> element ends up using a font
- that has an <a href=#origin>origin</a> that is not the <a href=#same-origin title="same
- origin">same</a> as that of the <code><a href=#document>Document</a></code> object that
- owns the <code><a href=#the-canvas-element>canvas</a></code> element, the method must throw a
- <code><a href=#securityerror>SecurityError</a></code> exception.</p>
-
<p class=note>Even resetting the canvas state by changing its
<code title=attr-canvas-width><a href=#attr-canvas-width>width</a></code> or <code title=attr-canvas-height><a href=#attr-canvas-height>height</a></code> attributes doesn't reset
the <i>origin-clean</i> flag.</p>
@@ -98196,6 +98207,7 @@
Nicolas Gallagher,
Noah Mendelsohn,
Noah Slater,
+ Noel Gordon,
NoozNooz42,
Ojan Vafai,
Olaf Hoffmann,
Modified: source
===================================================================
--- source 2011-12-16 23:24:03 UTC (rev 6878)
+++ source 2012-01-06 20:46:22 UTC (rev 6879)
@@ -40052,6 +40052,12 @@
<ol>
+<!--ADD-TOPIC:Security-->
+ <li><p>If the <code>canvas</code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code>SecurityError</code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
<li><p>If the canvas has no pixels (i.e. either its horizontal
dimension or its vertical dimension is zero) then return the string
"<code title="">data:,</code>" and abort these steps. (This is the
@@ -40079,6 +40085,12 @@
<ol>
+<!--ADD-TOPIC:Security-->
+ <li><p>If the <code>canvas</code> element's <i>origin-clean</i>
+ flag is set to false, throw a <code>SecurityError</code> exception
+ and abort these steps.</p>
+<!--REMOVE-TOPIC:Security-->
+
<li><p>Let <var title="">callback</var> be the first
argument.</p></li>
@@ -42989,10 +43001,20 @@
of the inline element set to 'pre' and the 'font' property of the
inline element set to the current font of the context as given by
the <code title="dom-context-2d-font">font</code> attribute, and
- must then return a new <code>TextMetrics</code> object with its
+ must then create a new <code>TextMetrics</code> object with its
<code title="dom-textmetrics-width">width</code> attribute set to
- the width of that inline box, in CSS pixels. <a
- href="#refsCSS">[CSS]</a></p>
+ the width of that inline box, in CSS pixels.
+<!--ADD-TOPIC:Security-->
+ If doing these measurements requires using a font that has an
+ <span>origin</span> that is not the <span title="same
+ origin">same</span> as that of the <code>Document</code> object that
+ owns the <code>canvas</code> element (even if "using a font" means
+ just checking if that font has a particular glyph in it before
+ falling back to another font), then the method must throw a
+ <code>SecurityError</code> exception.
+<!--REMOVE-TOPIC:Security-->
+ Otherwise, it must return the new <code>TextMetrics</code> object.
+ <a href="#refsCSS">[CSS]</a></p>
<p>The <code>TextMetrics</code> interface is used for the objects
returned from <code
@@ -43304,18 +43326,22 @@
<p>The <dfn
title="dom-context-2d-getImageData"><code>getImageData(<var
title="">sx</var>, <var title="">sy</var>, <var title="">sw</var>,
- <var title="">sh</var>)</code></dfn> method must return an
- <code>ImageData</code> object representing the underlying pixel data
- for the area of the canvas denoted by the rectangle whose corners are
- the four points (<var title="">sx</var>, <var title="">sy</var>),
- (<span title=""><var title="">sx</var>+<var title="">sw</var></span>, <var
- title="">sy</var>), (<span title=""><var title="">sx</var>+<var
- title="">sw</var></span>, <span title=""><var title="">sy</var>+<var
- title="">sh</var></span>), (<var title="">sx</var>, <span title=""><var
- title="">sy</var>+<var title="">sh</var></span>), in canvas
- coordinate space units. Pixels outside the canvas must be returned
- as transparent black. Pixels must be returned as non-premultiplied
- alpha values.</p>
+ <var title="">sh</var>)</code></dfn> method must,
+<!--ADD-TOPIC:Security-->
+ if the <code>canvas</code> element's <i>origin-clean</i> flag is set
+ to false, throw a <code>SecurityError</code> exception; otherwise, it
+<!--REMOVE-TOPIC:Security-->
+ must return an <code>ImageData</code> object representing the
+ underlying pixel data for the area of the canvas denoted by the
+ rectangle whose corners are the four points (<var title="">sx</var>,
+ <var title="">sy</var>), (<span title=""><var title="">sx</var>+<var
+ title="">sw</var></span>, <var title="">sy</var>), (<span
+ title=""><var title="">sx</var>+<var title="">sw</var></span>, <span
+ title=""><var title="">sy</var>+<var title="">sh</var></span>),
+ (<var title="">sx</var>, <span title=""><var title="">sy</var>+<var
+ title="">sh</var></span>), in canvas coordinate space units. Pixels
+ outside the canvas must be returned as transparent black. Pixels
+ must be returned as non-premultiplied alpha values.</p>
<p>If any of the arguments to <code
title="dom-context-2d-createImageData">createImageData()</code> or
@@ -43903,27 +43929,12 @@
</ul>
- <p>Whenever the <code
- title="dom-canvas-toDataURL">toDataURL()</code> method of a
- <code>canvas</code> element whose <i>origin-clean</i> flag is set to
- false is called, the method must throw a <code>SecurityError</code>
- exception.</p>
+ <p>The <code title="dom-canvas-toDataURL">toDataURL()</code>, <code
+ title="dom-canvas-toBlob">toBlob()</code>, and <code
+ title="dom-context-2d-getImageData">getImageData()</code> methods
+ check the flag and will throw a <code>SecurityError</code> exception
+ rather than leak cross-origin data.</p>
- <p>Whenever the <code
- title="dom-context-2d-getImageData">getImageData()</code> method of
- the 2D context of a <code>canvas</code> element whose
- <i>origin-clean</i> flag is set to false is called with otherwise
- correct arguments, the method must throw a <code>SecurityError</code>
- exception.</p>
-
- <p>Whenever the <code
- title="dom-context-2d-measureText">measureText()</code> method of
- the 2D context of a <code>canvas</code> element ends up using a font
- that has an <span>origin</span> that is not the <span title="same
- origin">same</span> as that of the <code>Document</code> object that
- owns the <code>canvas</code> element, the method must throw a
- <code>SecurityError</code> exception.</p>
-
<p class="note">Even resetting the canvas state by changing its
<code title="attr-canvas-width">width</code> or <code
title="attr-canvas-height">height</code> attributes doesn't reset
@@ -115015,6 +115026,7 @@
Nicolas Gallagher,
Noah Mendelsohn,
Noah Slater,
+ Noel Gordon,
NoozNooz42,
Ojan Vafai,
Olaf Hoffmann,
More information about the Commit-Watchers
mailing list