[whatwg] Minor addition/rewording for canvas section

Philip Taylor excors+whatwg at gmail.com
Sun Jan 13 04:22:36 PST 2008


On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
> Hi all,
>
> Section 3.14.11 contains the statement:
> "Security: To prevent information leakage, the toDataURL() and
> getImageData() methods should raise a security exception if
> the canvas has ever had an image painted on it whose origin is different
> from that of the script calling the method."
>
> In the interests of completeness this should probably read
> "Security: To prevent information leakage, the toDataURL() and
> getImageData() methods should raise a security exception if
> the canvas has ever had an image or ImageData painted on it whose origin is
> different from that of the script calling the method."
> (or similar)

What examples of information leakage is this change meant to prevent?

If you have an ImageData object then you can create a new object {
width: imgdata.width, height: imgdata.height, data: ...copy each array
element... } and then draw it, circumventing any origin information
that the ImageData object might be carrying around, so I'm not sure
why it's useful to care about the ImageData's origin. (That's unlike
Image objects where there's no other way of extracting the image
data.)

-- 
Philip Taylor
excors at gmail.com



More information about the whatwg mailing list