[whatwg] Minor addition/rewording for canvas section

Mathieu HENRI p01 at opera.com
Fri Jan 18 02:55:16 PST 2008


Anne van Kesteren wrote:
> On Sun, 13 Jan 2008 14:13:52 +0100, Oliver Hunt <oliver at apple.com> wrote:
>> I did wonder about why other origins could read anything myself, so 
>> you're not alone -- it just seemed especially odd to allow images to 
>> be written safely but not ImageData.
> 
> ImageData is always safe as you create it yourself.

To clarify this very point:

An ImageData is always safe because:

* getImageData(...) must throw a Security Violation exception when called on a 
tainted Canvas.

* it is created manually, and other same origin policies prevent information 
leak in to it.


-- 
Mathieu 'p01' HENRI
JavaScript developer, Opera Software ASA



More information about the whatwg mailing list