[Webkit-unassigned] [Bug 18762] New: Canvas toDataURL in iframes allows reading different-origin images
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Apr 26 16:00:37 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18762
Summary: Canvas toDataURL in iframes allows reading different-
origin images
Product: WebKit
Version: 526+ (Nightly build)
Platform: PC
URL: http://philip.html5.org/misc/iframe-canvas-
security/iframes.html
OS/Version: Windows Vista
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: excors at gmail.com
Normally, after drawing an image from a different origin onto a canvas,
toDataURL is blocked with a security exception (which is good).
The linked page has nine identical pages in iframes, each loading the same
remote image and calling toDataURL. It gives output like
http://philip.html5.org/misc/iframe-canvas-security/webkit-r32574.png - most of
the iframes are able to successfully read the image data (which is bad).
Sometimes, when revisiting the page, the unsuccessful one randomly swaps to a
different location (but there's always only one). When pressing the "reload"
button, all the iframes work correctly until the page is revisited.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list