[whatwg] Minor addition/rewording for canvas section
Oliver Hunt
oliver at apple.com
Sun Jan 13 04:42:20 PST 2008
On Jan 13, 2008, at 4:22 AM, Philip Taylor wrote:
> What examples of information leakage is this change meant to prevent?
>
> If you have an ImageData object then you can create a new object {
> width: imgdata.width, height: imgdata.height, data: ...copy each array
> element... } and then draw it, circumventing any origin information
> that the ImageData object might be carrying around, so I'm not sure
> why it's useful to care about the ImageData's origin. (That's unlike
> Image objects where there's no other way of extracting the image
> data.)
Writing to a canvas from a different origin isn't considered a threat,
the problem is
evil.example.com reading data from the canvas after naive.example.com
has put
private/confidential information into the canvas.
--Oliver
More information about the whatwg
mailing list