[Webkit-unassigned] [Bug 18762] New: Canvas toDataURL in iframes allows reading different-origin images

Sat Apr 26 16:00:37 PDT 2008

http://bugs.webkit.org/show_bug.cgi?id=18762

           Summary: Canvas toDataURL in iframes allows reading different-
                    origin images
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
               URL: http://philip.html5.org/misc/iframe-canvas-
                    security/iframes.html
        OS/Version: Windows Vista
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: excors at gmail.com

Normally, after drawing an image from a different origin onto a canvas,
toDataURL is blocked with a security exception (which is good).

The linked page has nine identical pages in iframes, each loading the same
remote image and calling toDataURL. It gives output like
http://philip.html5.org/misc/iframe-canvas-security/webkit-r32574.png - most of
the iframes are able to successfully read the image data (which is bad).
Sometimes, when revisiting the page, the unsuccessful one randomly swaps to a
different location (but there's always only one). When pressing the "reload"
button, all the iframes work correctly until the page is revisited.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.