[whatwg] Minor addition/rewording for canvas section
Anne van Kesteren
annevk at opera.com
Mon Jan 14 06:01:13 PST 2008
On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <oliver at apple.com> wrote:
> I did wonder about why other origins could read anything myself, so
> you're not alone -- it just seemed especially odd to allow images to be
> written safely but not ImageData.
ImageData is always safe as you create it yourself.
The specification should also mention that drawing <img
src=data:image/png,...> on the <canvas> is safe so that you can actually
roundtrip data through the server. The SVG case here is slightly more
complex so maybe it's better to have a definition of a "safe
> I'm as yet unsure whether a separate origin should be able to write -- i
> have nothing to back this up with but it seems that you could
> potentially right to a canvas from a separate domain to make the canvas
> look like something it wasn't -- but i'm not familiar enough with the
> other origin related policies in html5 to be able to say anything
Cross-document messaging only allows passing through strings.
> I only noticed this as i was looking at the ImageData portion of the
> spec just now :D
Would be nice if you guys implemented it :-)
> I assume there was a reason that reading from the canvas from another
> origin is ever allowed, but I can't think of what it might be -- any
> thoughts/recollections from others would be well received :D
I don't think this is possible. The security model is pretty simple.
HTMLImageElement is either safe or unsafe. HTMLCanvasElement is also
either safe (default) or unsafe. CanvasPattern is, again, either safe or
unsafe. Once you draw an unsafe HTMLImageElement, HTMLCanvasElement, or
CanvasPattern on an HTMLCanvasElement you mark the HTMLCanvasElement as
unsafe. The toDataURL() and getImageData() functions throw for an unsafe
Anne van Kesteren
More information about the whatwg