[webkit-dev] SVG images with foreignObject inside canvas

Frédéric WANG fred.wang at free.fr
Fri Apr 1 05:43:36 PDT 2016


After bug 119492, SVG images are allowed inside canvas without tainting
as long as they do not contain foreignObject. Two months ago, changeset
195614 landed to make this a bit more secure and the following FIXME
comment was added to SVGImage.cpp:

// FIXME: Once foreignObject elements within SVG images are updated to not leak cross-origin data
// (e.g., visited links, spellcheck) we can remove the SVGForeignObjectElement check here and
// research if we can remove the Image::hasSingleSecurityOrigin mechanism entirely.

Does anyone know if there is any plan / bug report for this?

The FIXME comment is missing a bug number; I cannot find any bug entry on
Bugzilla (only the related bug 91523 and bug 131033), and I don't have
access to bug 119492...

Thank you,

Frédéric Wang
