[webkit-dev] SVG images with foreignObject inside canvas

Philip Rogers pdr at google.com
Mon Apr 4 13:22:52 PDT 2016

Hi Frédéric,

I'm sorry you had to hit this confusing area recently. I just filed
https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to track
progress on this.

The core issue is that foreignObject has the potential to leak information
(e.g., visited links), and there hasn't been enough user interest to
justify removing that restriction.

On Fri, Apr 1, 2016 at 5:43 AM, Frédéric WANG <fred.wang at free.fr> wrote:

> Hi,
> After bug 119492, SVG images are allowed inside canvas without tainting
> as long as they do not contain foreignObject. Two months ago, changeset
> 195614 landed to make this a bit more secure and the following FIXME
> comment was added to SVGImage.cpp:
> // FIXME: Once foreignObject elements within SVG images are updated to
> not leak cross-origin data
> // (e.g., visited links, spellcheck) we can remove the
> SVGForeignObjectElement check here and
> // research if we can remove the Image::hasSingleSecurityOrigin
> mechanism entirely.
> Does anyone know if there is any plan / bug report for this?
> The FIXME comment misses a bug number, I can not find any bug entry on
> Bugzilla (only the related bug 91523 and bug 131033) and I don't have
> access to bug 119492...
> Thank you,
> --
> Frédéric Wang
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20160404/c9ec2211/attachment.html>

More information about the webkit-dev mailing list