[webkit-dev] SVG images with foreignObject inside canvas

Frédéric WANG fred.wang at free.fr
Tue Apr 5 02:14:22 PDT 2016

Le 04/04/2016 22:22, Philip Rogers a écrit :
> Hi Frédéric,
> I'm sorry you had to hit this confusing area recently. I just filed
> https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to
> track progress on this.
> The core issue is that foreignObject has the potential to leak
> information (e.g., visited links), and there hasn't been enough user
> interest to justify removing that restriction.
Hi Philip,

Thank you very much for opening the bug!

Yes, I'm aware of this security issue... I did not follow the details
when that happened, but Mozilla has implemented support for
foreignObject inside canvas for several years and there is an article on
MDN describing it:


Maybe it would be worth checking with them what was their rationale to
remove that restriction and if it's worth following the same approach
for Blink/WebKit...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20160405/0f11e507/attachment.sig>

More information about the webkit-dev mailing list