<div dir="ltr">Hi Frédéric,<div><br></div><div>I'm sorry you had to hit this confusing area recently. I just filed <a href="https://bugs.webkit.org/show_bug.cgi?id=156176">https://bugs.webkit.org/show_bug.cgi?id=156176</a> which we can use to track progress on this.</div><div><br></div><div>The core issue is that foreignObject has the potential to leak information (e.g., visited links), and there hasn't been enough user interest to justify removing that restriction.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 1, 2016 at 5:43 AM, Frédéric WANG <span dir="ltr"><<a href="mailto:fred.wang@free.fr" target="_blank">fred.wang@free.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
After bug 119492, SVG images are allowed inside canvas without tainting<br>
as long as they do not contain foreignObject. Two months ago, changeset<br>
195614 landed to make this a bit more secure and the following FIXME<br>
comment was added to SVGImage.cpp:<br>
<br>
// FIXME: Once foreignObject elements within SVG images are updated to<br>
not leak cross-origin data<br>
// (e.g., visited links, spellcheck) we can remove the<br>
SVGForeignObjectElement check here and<br>
// research if we can remove the Image::hasSingleSecurityOrigin<br>
mechanism entirely.<br>
<br>
Does anyone know if there is any plan / bug report for this?<br>
<br>
The FIXME comment misses a bug number, I can not find any bug entry on<br>
Bugzilla (only the related bug 91523 and bug 131033) and I don't have<br>
access to bug 119492...<br>
<br>
Thank you,<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Frédéric Wang<br>
<br>
<br>
</font></span><br>_______________________________________________<br>
webkit-dev mailing list<br>
<a href="mailto:webkit-dev@lists.webkit.org">webkit-dev@lists.webkit.org</a><br>
<a href="https://lists.webkit.org/mailman/listinfo/webkit-dev" rel="noreferrer" target="_blank">https://lists.webkit.org/mailman/listinfo/webkit-dev</a><br>
<br></blockquote></div><br></div>