[html5] r6105 - [giow] (2) taint canvas if we even _consider_ a cross-site font Fixing http://ww [...]

whatwg at whatwg.org whatwg at whatwg.org
Fri May 6 13:03:27 PDT 2011


Author: ianh
Date: 2011-05-06 13:03:26 -0700 (Fri, 06 May 2011)
New Revision: 6105

Modified:
   complete.html
   index
   source
Log:
[giow] (2) taint canvas if we even _consider_ a cross-site font
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=12309

Modified: complete.html
===================================================================
--- complete.html	2011-05-06 19:56:13 UTC (rev 6104)
+++ complete.html	2011-05-06 20:03:26 UTC (rev 6105)
@@ -37046,10 +37046,15 @@
    false when the pattern was created.</li>
 
    <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
-   invoked and end up using a font that has an <a href=#origin>origin</a>
+   invoked and consider using a font that has an <a href=#origin>origin</a>
    that is not the <a href=#same-origin title="same origin">same</a> as that of
    the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to

Modified: index
===================================================================
--- index	2011-05-06 19:56:13 UTC (rev 6104)
+++ index	2011-05-06 20:03:26 UTC (rev 6105)
@@ -37074,10 +37074,15 @@
    false when the pattern was created.</li>
 
    <li><p>The element's 2D context's <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>fillText()</a></code> or <code title=dom-context-2d-fillText><a href=#dom-context-2d-filltext>strokeText()</a></code> methods are
-   invoked and end up using a font that has an <a href=#origin>origin</a>
+   invoked and consider using a font that has an <a href=#origin>origin</a>
    that is not the <a href=#same-origin title="same origin">same</a> as that of
    the <code><a href=#document>Document</a></code> object that owns the <code><a href=#the-canvas-element>canvas</a></code>
-   element.</li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul><p>Whenever the <code title=dom-canvas-toDataURL><a href=#dom-canvas-todataurl>toDataURL()</a></code> method of a
   <code><a href=#the-canvas-element>canvas</a></code> element whose <i>origin-clean</i> flag is set to

Modified: source
===================================================================
--- source	2011-05-06 19:56:13 UTC (rev 6104)
+++ source	2011-05-06 20:03:26 UTC (rev 6105)
@@ -41157,10 +41157,15 @@
    <li><p>The element's 2D context's <code
    title="dom-context-2d-fillText">fillText()</code> or <code
    title="dom-context-2d-fillText">strokeText()</code> methods are
-   invoked and end up using a font that has an <span>origin</span>
+   invoked and consider using a font that has an <span>origin</span>
    that is not the <span title="same origin">same</span> as that of
    the <code>Document</code> object that owns the <code>canvas</code>
-   element.</p></li>
+   element. (The font doesn't even have to be used; all that matters
+   is whether the font was considered for any of the glyphs
+   drawn.)</p></li> <!-- because fonts could consider sensitive
+   material, I guess; and because that sensitivity could extend to
+   whether or not a particular glyph is in the font in the first
+   place. -->
 
   </ul>
 




More information about the Commit-Watchers mailing list