[webkit-dev] SVG images with foreignObject inside canvas

Frédéric WANG fred.wang at free.fr
Fri Apr 1 05:43:36 PDT 2016


Hi,

After bug 119492, SVG images are allowed inside canvas without tainting
as long as they do not contain foreignObject. Two months ago, changeset
195614 landed to make this a bit more secure and the following FIXME
comment was added to SVGImage.cpp:

// FIXME: Once foreignObject elements within SVG images are updated to not leak cross-origin data
// (e.g., visited links, spellcheck) we can remove the SVGForeignObjectElement check here and
// research if we can remove the Image::hasSingleSecurityOrigin mechanism entirely.

Does anyone know if there is any plan / bug report for this?

The FIXME comment is missing a bug number, I cannot find any bug entry on
Bugzilla (only the related bug 91523 and bug 131033) and I don't have
access to bug 119492...

Thank you,

-- 
Frédéric Wang
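
The tainting rule described in the message above can be checked in a browser with a small probe. This is an added example, not code from the original post or from WebKit; the helper names (svgDataUrl, isTainted, probe) and the two sample SVG images are constructed for illustration.

```javascript
const SVG_NS = "http://www.w3.org/2000/svg";
const XHTML_NS = "http://www.w3.org/1999/xhtml";

// Wrap an SVG body in a 40x40 root element and encode it as a data: URL.
function svgDataUrl(body) {
  const svg = `<svg xmlns="${SVG_NS}" width="40" height="40">${body}</svg>`;
  return "data:image/svg+xml;charset=utf-8," + encodeURIComponent(svg);
}

// Constructed samples: one plain SVG, one embedding HTML via foreignObject.
const SAMPLES = {
  plain: svgDataUrl('<rect width="40" height="40" fill="green"/>'),
  foreignObject: svgDataUrl(
    '<foreignObject width="40" height="40">' +
    `<div xmlns="${XHTML_NS}">text</div></foreignObject>`),
};

// A tainted canvas refuses pixel readback with a SecurityError.
// Any other exception is a real failure and is rethrown.
function isTainted(ctx) {
  try {
    ctx.getImageData(0, 0, 1, 1);
    return false;
  } catch (e) {
    if (e && e.name === "SecurityError") return true;
    throw e;
  }
}

// Load the image, draw it into a fresh canvas, report the taint state.
async function probe(url) {
  const img = new Image();
  await new Promise((resolve, reject) => {
    img.onload = resolve;
    img.onerror = () => reject(new Error("image failed to load"));
    img.src = url;
  });
  const canvas = document.createElement("canvas");
  canvas.width = canvas.height = 40;
  const ctx = canvas.getContext("2d");
  ctx.drawImage(img, 0, 0);
  return isTainted(ctx);
}

// Only runs where a DOM exists (browser page or console).
if (typeof document !== "undefined") {
  for (const [name, url] of Object.entries(SAMPLES)) {
    probe(url).then(t => console.log(name, t ? "tainted" : "clean"));
  }
}
```

With the SVGForeignObjectElement check the message refers to, the foreignObject sample is the one expected to be reported as tainted.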

