[whatwg] Canvas and drawWindow
Ian Hickson
ian at hixie.ch
Wed May 11 22:58:35 PDT 2011
On Fri, 11 Mar 2011, Erik Möller wrote:
>
> I bet this has been discussed before, but I'm curious as to what people
> think about breathing some life into a more general version of Mozillas
> canvas.drawWindow() that draws a snapshot of a DOM window into the
> canvas?
This is something that is rife with serious security concerns: exposing
history, the potential for cross-origin data leakage, introspecting
spelling-checker user dictionaries, inspecting data that is otherwise
hidden such as user theme preferences or file input paths...
This is not something to undertake lightly. Even if we found a way to
actually determine when to taint a drawn image, we could never allow such
data to be uploaded to a server or reused in WebGL (due to the shader
timing attacks). And working out when something has any cross-origin
pixels is vastly more complicated than it appears. CSS reflections, SVG
transforms, fonts, iframes, the CSS 'content' property... the list of
possible ways one could taint something is absurdly high.
This is an area where more than ever I think browsers will have to lead by
experimentation. If a solid safe solution can be figured out and that
everyone is willing to implement, meaning one that doesn't involve laundry
lists of things to test for or risk a whack-a-mole race, then I'd be happy
to specify it.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list