[whatwg] Minor addition/rewording for canvas section

Oliver Hunt oliver at apple.com
Sun Jan 13 04:42:20 PST 2008


On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:

> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object {
> width: imgdata.width, height: imgdata.height, data: ...copy each array
> element... } and then draw it, circumventing any origin information
> that the ImageData object might be carrying around, so I'm not sure
> why it's useful to care about the ImageData's origin. (That's unlike
> Image objects where there's no other way of extracting the image
> data.)

Writing to a canvas from a different origin isn't considered a threat,  
the problem is
evil.example.com reading data from the canvas after naive.example.com  
has put
private/confidential information into the canvas.

--Oliver




More information about the whatwg mailing list