[whatwg] [CORS] WebKit tainting image instead of throwing error
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Oct 4 11:50:30 PDT 2011
On 10/4/11 2:32 PM, Odin Hørthe Omdal wrote:
> WebKit, on the other hand, only taints the image and loads it anyway,
> breaking the spec.
File a bug on them please? The idea of CORS is that CORS-using requests
stop making the harmful distinction between ability to embed and ability
to read. That's why CORS had to be opt-in for images. If WebKit is not
implementing this properly, they just need to fix their code...
And in particular an <img crossorigin> that's in the DOM and fails the
CORS checks should not render the image on the page. Anything else is
just broken.
-Boris
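
The behaviour described in this message, modelled as an added example (not code from the post or from any browser engine): a cross-origin image without `crossorigin` is embedded but taints a canvas, while one with `crossorigin` either passes the CORS check and is readable, or fails it and is not rendered at all. The function names, the result fields and the `app.example` / `cdn.example` origins are hypothetical, and response header names are assumed to be lower-cased already.

```javascript
// Model of the outcome of loading an <img>, per the CORS behaviour discussed above.

// CORS check on the response: true when the page's origin may read it.
function passesCorsCheck(pageOrigin, credentialsMode, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  // The wildcard is only acceptable when no credentials are sent.
  if (credentialsMode !== "include" && allowOrigin === "*") return true;
  if (allowOrigin !== pageOrigin) return false;
  if (credentialsMode !== "include") return true;
  return headers["access-control-allow-credentials"] === "true";
}

// crossorigin: null (attribute absent), "anonymous" or "use-credentials".
function imageOutcome(pageOrigin, imageOrigin, crossorigin, headers) {
  if (pageOrigin === imageOrigin) {
    return { rendered: true, canvasReadable: true };
  }
  if (crossorigin === null) {
    // Legacy embed: the image is shown, but drawing it taints the canvas.
    return { rendered: true, canvasReadable: false };
  }
  const mode = crossorigin === "use-credentials" ? "include" : "same-origin";
  if (passesCorsCheck(pageOrigin, mode, headers)) {
    return { rendered: true, canvasReadable: true };
  }
  // Opted in to CORS and failed the check: treated as a failed load.
  // Falling back to "rendered but tainted" here is the bug in this thread.
  return { rendered: false, canvasReadable: false };
}

// Constructed sample cases, run only when this file is executed directly.
if (typeof require !== "undefined" && require.main === module) {
  const page = "https://app.example";
  const cdn = "https://cdn.example";
  const cases = [
    ["no attribute", null, {}],
    ["anonymous, no header", "anonymous", {}],
    ["anonymous, wildcard", "anonymous", { "access-control-allow-origin": "*" }],
    ["use-credentials, wildcard", "use-credentials",
      { "access-control-allow-origin": "*" }],
  ];
  for (const [label, attr, headers] of cases) {
    console.log(label, imageOutcome(page, cdn, attr, headers));
  }
}
```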