[whatwg] Minor addition/rewording for canvas section

Mathieu HENRI p01 at opera.com
Fri Jan 18 02:55:16 PST 2008

Anne van Kesteren wrote:
> On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <oliver at apple.com> wrote:
>> I did wonder about why other origins could read anything myself, so 
>> you're not alone -- it just seemed especially odd to allow images to 
>> be written safely but not ImageData.
> ImageData is always safe as you create it yourself.

To clarify this very point:

An ImageData is always safe because:

* getImageData(...) must throw a Security Violation exception when called on a 
tainted Canvas.

* it is created manually, and other same origin policies prevent information 
leak in to it.

Mathieu 'p01' HENRI
JavaScript developer, Opera Software ASA

More information about the whatwg mailing list