[html5] r6105 - [giow] (2) taint canvas if we even _consider_ a cross-site font Fixing http://ww [...]
whatwg at whatwg.org
Fri May 6 13:03:27 PDT 2011
Author: ianh
Date: 2011-05-06 13:03:26 -0700 (Fri, 06 May 2011)
New Revision: 6105
Modified:
complete.html
index
source
Log:
[giow] (2) taint canvas if we even _consider_ a cross-site font
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12309
Modified: complete.html
===================================================================
--- complete.html 2011-05-06 19:56:13 UTC (rev 6104)
+++ complete.html 2011-05-06 20:03:26 UTC (rev 6105)
@@ -37046,10 +37046,15 @@
false when the pattern was created.</li>
<li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
- invoked and end up using a font that has an <a href=#origin>origin</a>
+ invoked and consider using a font that has an <a href=#origin>origin</a>
that is not the <a href=#same-origin title="same origin">same</a> as that of
the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
- element.</li>
+ element. (The font doesn't even have to be used; all that matters
+ is whether the font was considered for any of the glyphs
+ drawn.)</li> <!-- because fonts could consider sensitive
+ material, I guess; and because that sensitivity could extend to
+ whether or not a particular glyph is in the font in the first
+ place. -->
</ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
<code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
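Review bot: "consider using a font" in the changed sentence leaves "consider" undefined, so two implementations can disagree on when this condition fires. The parenthetical narrows it to fonts "considered for any of the glyphs drawn", but it does not say whether a cross-origin font that was available for the text yet never consulted for any glyph counts. Suggest defining the term against the point where a font is consulted for a glyph, so that the origin check is something a test can pin down.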
Modified: index
===================================================================
--- index 2011-05-06 19:56:13 UTC (rev 6104)
+++ index 2011-05-06 20:03:26 UTC (rev 6105)
@@ -37074,10 +37074,15 @@
false when the pattern was created.</li>
<li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
- invoked and end up using a font that has an <a href=#origin>origin</a>
+ invoked and consider using a font that has an <a href=#origin>origin</a>
that is not the <a href=#same-origin title="same origin">same</a> as that of
the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
- element.</li>
+ element. (The font doesn't even have to be used; all that matters
+ is whether the font was considered for any of the glyphs
+ drawn.)</li> <!-- because fonts could consider sensitive
+ material, I guess; and because that sensitivity could extend to
+ whether or not a particular glyph is in the font in the first
+ place. -->
</ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
<code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to
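Review bot: on the first context line of this hunk, the strokeText() code element carries title=dom-context-2d-fillText and links to #dom-context-2d-filltext, the same target as fillText(). Since this list item is being edited anyway, point strokeText() at its own definition, so that a reader checking which calls affect the origin-clean flag lands on the right method.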
Modified: source
===================================================================
--- source 2011-05-06 19:56:13 UTC (rev 6104)
+++ source 2011-05-06 20:03:26 UTC (rev 6105)
@@ -41157,10 +41157,15 @@
<li><p>The element's 2D context's <code
title="dom-context-2d-fillText">fillText()</code> or <code
title="dom-context-2d-fillText">strokeText()</code> methods are
- invoked and end up using a font that has an <span>origin</span>
+ invoked and consider using a font that has an <span>origin</span>
that is not the <span title="same origin">same</span> as that of
the <code>Document</code> object that owns the <code>canvas</code>
- element.</p></li>
+ element. (The font doesn't even have to be used; all that matters
+ is whether the font was considered for any of the glyphs
+ drawn.)</p></li> <!-- because fonts could consider sensitive
+ material, I guess; and because that sensitivity could extend to
+ whether or not a particular glyph is in the font in the first
+ place. -->
</ul>
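Review bot: the rationale comment added after the closing </p></li> is hedged with "I guess" and sits between list items instead of inside the item it explains. It is the only place the change records why merely considering a font matters: whether a particular glyph is in a cross-origin font can itself be sensitive. Suggest moving the comment inside the list item and stating that reason directly; "fonts could consider sensitive material" also reads like a slip for "contain".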