[whatwg] Canvas 2D Context Proposal: resetOriginClean

Jonas Sicking jonas at sicking.cc
Sat Apr 24 09:45:33 PDT 2010


On Fri, Apr 23, 2010 at 5:56 PM, Anne van Kesteren <annevk at opera.com> wrote:
> On Sat, 24 Apr 2010 04:04:57 +0900, Jonas Sicking <jonas at sicking.cc> wrote:
>>
>> This would require changes to both HTML and to CORS, but not too bad.
>> And the result is significantly better as it doesn't require the user
>> to get involved and decide what's safe and what's not.
>
> What changes to CORS would be required? It is designed to make this "just
> work" so if anything is wrong I'd like to know. Specifically the "resource
> sharing check" is what HTML would use here.

Ah, I see that CORS doesn't require the network connection to be
aborted even when the "cross-origin request status" reaches "network
error". So it does indeed seem like all that's needed is for HTML to
say that CORS should be used while fetching the image, and that if the
resulting "cross-origin request status" is "success", then tainting
doesn't happen when said image is drawn into a canvas.

/ Jonas


More information about the whatwg mailing list