[webkit-dev] SVG images with foreignObject inside canvas
fred.wang at free.fr
Tue Apr 5 02:14:22 PDT 2016
Le 04/04/2016 22:22, Philip Rogers a écrit :
> Hi Frédéric,
> I'm sorry you had to hit this confusing area recently. I just filed
> https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to
> track progress on this.
> The core issue is that foreignObject has the potential to leak
> information (e.g., visited links), and there hasn't been enough user
> interest to justify removing that restriction.
Thank you very much for opening the bug!
Yes, I'm aware of this security issue... I did not follow the details
when that happened, but Mozilla has implemented support for
foreignObject inside canvas for several years and there is an article on
MDN describing it:
Maybe it would be worth checking with them what was their rationale to
remove that restriction and if it's worth following the same approach
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the webkit-dev