[whatwg] Minor addition/rewording for canvas section
Oliver Hunt
oliver at apple.com
Sun Jan 13 05:13:52 PST 2008
On Jan 13, 2008, at 4:57 AM, Philip Taylor wrote:
> On 13/01/2008, Oliver Hunt <oliver at apple.com> wrote:
>> Writing to a canvas from a different origin isn't considered a
>> threat,
>> the problem is
>> evil.example.com reading data from the canvas after naive.example.com
>> has put
>> private/confidential information into the canvas.
>
> In that case, evil.example.com shouldn't be allowed to read anything
> (pixel data or context state) from the canvas after naive.example.com
> has done anything at all to it (e.g. calling fillRect, or setting
> fillStyle, etc), because otherwise some potentially-private
> information will be leaked. (putImageData can be emulated using
> fillRect, so it wouldn't make much sense to have different security
> restrictions depending on which equivalent mechanism you use.)
>
> Don't the normal same-origin restrictions already prevent
> naive.example.com and evil.example.com accessing the same canvas
> element, in the same way as (I assume) they prevent evil.example.com
> accessing an <input type=password>.value from a naive.example.com
> document?
I did wonder about why other origins could read anything myself, so
you're not
alone -- it just seemed especially odd to allow images to be written
safely but not
ImageData.
I'm as yet unsure whether a separate origin should be able to write --
i have nothing
to back this up with but it seems that you could potentially right to
a canvas from a
separate domain to make the canvas look like something it wasn't --
but i'm not familiar
enough with the other origin related policies in html5 to be able to
say anything
meaningful.
I only noticed this as i was looking at the ImageData portion of the
spec just now :D
I assume there was a reason that reading from the canvas from another
origin is ever
allowed, but I can't think of what it might be -- any thoughts/
recollections from others
would be well received :D
--Oliver
>
>
> --
> Philip Taylor
> excors at gmail.com
More information about the whatwg
mailing list