[whatwg] Minor addition/rewording for canvas section

Philip Taylor excors+whatwg at gmail.com
Sun Jan 13 04:57:09 PST 2008


On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
> Writing to a canvas from a different origin isn't considered a threat,
> the problem is evil.example.com reading data from the canvas after
> naive.example.com has put private/confidential information into the
> canvas.

In that case, evil.example.com shouldn't be allowed to read anything
(pixel data or context state) from the canvas after naive.example.com
has done anything at all to it (e.g. calling fillRect, or setting
fillStyle, etc), because otherwise some potentially-private
information will be leaked. (putImageData can be emulated using
fillRect, so it wouldn't make much sense to have different security
restrictions depending on which equivalent mechanism you use.)

Don't the normal same-origin restrictions already prevent
naive.example.com and evil.example.com accessing the same canvas
element, in the same way as (I assume) they prevent evil.example.com
accessing an <input type=password>.value from a naive.example.com
document?

-- 
Philip Taylor
excors at gmail.com
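
The equivalence the message above relies on (putImageData emulated using fillRect), as an added example that is not part of the original post. `putImageDataViaFillRect` and `MockContext` are hypothetical names; the mock is a constructed stand-in for a 2D context so the code runs outside a browser.

```javascript
// Added example, not from the thread. Writes the pixels of an ImageData-shaped
// object using only clearRect, fillStyle and fillRect (no putImageData call).
// Assumes no clip region or shadow is active on the context.
function putImageDataViaFillRect(ctx, imageData, dx, dy) {
  const { width, height, data } = imageData;
  ctx.save();
  // putImageData ignores transform, alpha and compositing, so neutralise them.
  ctx.setTransform(1, 0, 0, 1, 0, 0);
  ctx.globalAlpha = 1;
  ctx.globalCompositeOperation = 'source-over';
  for (let y = 0; y < height; y++) {
    for (let x = 0; x < width; x++) {
      const i = (y * width + x) * 4;
      ctx.clearRect(dx + x, dy + y, 1, 1); // drop the old pixel so nothing blends
      ctx.fillStyle = `rgba(${data[i]},${data[i + 1]},${data[i + 2]},${data[i + 3] / 255})`;
      ctx.fillRect(dx + x, dy + y, 1, 1);
    }
  }
  ctx.restore();
}

// Constructed stand-in for CanvasRenderingContext2D (1x1 rects only) so the
// example runs outside a browser; in a page, pass canvas.getContext('2d').
class MockContext {
  constructor(width, height) {
    this.width = width;
    this.pixels = new Uint8ClampedArray(width * height * 4);
    this.fillStyle = 'rgba(0,0,0,1)';
  }
  save() {}
  restore() {}
  setTransform() {}
  index(x, y) { return (y * this.width + x) * 4; }
  pixel(x, y) { return Array.from(this.pixels.subarray(this.index(x, y), this.index(x, y) + 4)); }
  clearRect(x, y) { this.pixels.fill(0, this.index(x, y), this.index(x, y) + 4); }
  fillRect(x, y) {
    const m = /rgba\((\d+),(\d+),(\d+),([\d.]+)\)/.exec(this.fillStyle);
    const [dr, dg, db, da255] = this.pixel(x, y);
    const sa = parseFloat(m[4]), da = da255 / 255;
    const oa = sa + da * (1 - sa); // source-over alpha
    const mix = (s, d) => (oa ? (s * sa + d * da * (1 - sa)) / oa : 0);
    this.pixels.set([mix(+m[1], dr), mix(+m[2], dg), mix(+m[3], db), oa * 255], this.index(x, y));
  }
}
```

In a real browser the colour channels of partially transparent pixels can differ slightly from putImageData because of how the canvas stores alpha.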


