[whatwg] [CORS] WebKit tainting image instead of throwing, error
Ian Hickson
ian at hixie.ch
Fri Jan 27 18:01:16 PST 2012
On Tue, 1 Nov 2011, Charles Pritchard wrote:
>
> I'd been using <img crossorigin> for everything... It was lazy but
> worked fine until the latest roll-out of Chrome. Now my local references
> fail the check. I have to use <img> for local images that I know are
> safe, and <img crossorigin> for images that I suspect are not safe.
>
> This is likely just a bug in Chrome, but it was rolled out quickly
> before going through the Chrome Canary process.
>
> Code example: <img src="./localImage.png" crossorigin> may -fail- the
> crossorigin check even though the image will not set a dirty flag on
> Canvas.
On Tue, 1 Nov 2011, Adam Barth wrote:
>
> Sorry about that. This is filed as
> <https://bugs.webkit.org/show_bug.cgi?id=71053>. I've got some time
> scheduled to look at this later in the week.
I've fixed the spec accordingly.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list