[whatwg] [CORS] WebKit tainting image instead of throwing, error

Ian Hickson ian at hixie.ch
Fri Jan 27 18:01:16 PST 2012

On Tue, 1 Nov 2011, Charles Pritchard wrote:
> I'd been using <img crossorigin> for everything... It was lazy but 
> worked fine until the latest roll-out of Chrome. Now my local references 
> fail the check. I have to use <img> for local images that I know are 
> safe, and <img crossorigin> for images that I suspect are not safe.
> This is likely just a bug in Chrome, but it was rolled out quickly 
> before going through the Chrome Canary process.
> Code example: <img src="./localImage.png" crossorigin> may -fail- the 
> crossorigin check even though the image will not set a dirty flag on 
> Canvas.

On Tue, 1 Nov 2011, Adam Barth wrote:
> Sorry about that.  This is filed as 
> <https://bugs.webkit.org/show_bug.cgi?id=71053>.  I've got some time 
> scheduled to look at this later in the week.

I've fixed the spec accordingly.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list