[webkit-dev] SVG images with foreignObject inside canvas

Frédéric WANG fred.wang at free.fr
Tue Apr 5 02:14:22 PDT 2016


On 04/04/2016 22:22, Philip Rogers wrote:
> Hi Frédéric,
>
> I'm sorry you had to hit this confusing area recently. I just filed
> https://bugs.webkit.org/show_bug.cgi?id=156176 which we can use to
> track progress on this.
>
> The core issue is that foreignObject has the potential to leak
> information (e.g., visited links), and there hasn't been enough user
> interest to justify removing that restriction.
Hi Philip,

Thank you very much for opening the bug!

Yes, I'm aware of this security issue... I did not follow the details
when that happened, but Mozilla has implemented support for
foreignObject inside canvas for several years and there is an article on
MDN describing it:

https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API/Drawing_DOM_objects_into_a_canvas

Maybe it would be worth checking with them what their rationale was for
removing that restriction and whether it's worth following the same approach
for Blink/WebKit...

Frédéric
