[whatwg] [CORS] WebKit tainting image instead of throwing error
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Oct 4 12:06:29 PDT 2011
On 10/4/11 3:02 PM, Anne van Kesteren wrote:
> Sure, but not more than per usual. Note that if you do not specify the
> crossorigin attribute the image can still get untainted. And if it does
> not you would still display the image (as always).
Yes; the point of specifying crossorigin is to opt in to the security
model we think the web _should_ have but that we can't roll out across
the board. Yet.
-Boris
More information about the whatwg
mailing list