[whatwg] Canvas 2D Context Proposal: resetOriginClean
Boris Zbarsky
bzbarsky at MIT.EDU
Fri Apr 23 11:35:18 PDT 2010
On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard <chuck at jumis.com> wrote:
> Boris, you haven't provided me with any reasoning/room to address the issue.
Sorry. The point is that providing for dynamic privilege escalation (in
the sense that the permissions of a chunk of code change on the fly) is
not something we plan to support going forward. In particular it
imposes significant performance costs on our JavaScript implementation
which we would obviously like to eliminate.
I see no problems with exposing a resetOriginClean method to "trusted"
code; my problem is with a setup where code transitions from trusted to
untrusted, and with random gradations in trust levels that enforce
security checks all over the place. That's what we would not want to
implement.
> It'd only prompt the user for permissions in the same cases that
> enablePrivilege does.
Which is about to become "never" in Gecko as soon as we can make it
happen....
> I'm just trying to standardize the really awkward experience a
> trusted application has to go through to grab permitted image data.
If an application is trusted (in the "system principal" sense in
Mozilla, not in the broken enablePrivilege sense), how did it end up
with a dirty canvas to start with?
I do think the CORS suggestion elsewhere in this thread is a good one,
by the way.
-Boris