[whatwg] Canvas and drawWindow

Ian Hickson ian at hixie.ch
Wed May 11 22:58:35 PDT 2011

On Fri, 11 Mar 2011, Erik Möller wrote:
> I bet this has been discussed before, but I'm curious as to what people 
> think about breathing some life into a more general version of Mozillas 
> canvas.drawWindow() that draws a snapshot of a DOM window into the 
> canvas? 

This is something that is rife with serious security concerns: exposing 
history, the potential for cross-origin data leakage, introspecting 
spelling-checker user dictionaries, inspecting data that is otherwise 
hidden such as user theme preferences or file input paths...

This is not something to undertake lightly. Even if we found a way to 
actually determine when to taint a drawn image, we could never allow such 
data to be uploaded to a server or reused in WebGL (due to the shader 
timing attacks). And working out when something has any cross-origin 
pixels is vastly more complicated than it appears. CSS reflections, SVG 
transforms, fonts, iframes, the CSS 'content' property... the list of 
possible ways one could taint something is absurdly high.

This is an area where more than ever I think browsers will have to lead by 
experimentation. If a solid safe solution can be figured out and that 
everyone is willing to implement, meaning one that doesn't involve laundry 
lists of things to test for or risk a whack-a-mole race, then I'd be happy 
to specify it.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list