[Webkit-unassigned] [Bug 17150] safe <img src=data:...> should not mark <canvas> unsafe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 1 01:50:28 PDT 2008


abarth at webkit.org changed:

           What    |Removed                     |Added
                 CC|                            |abarth at webkit.org

------- Comment #5 from abarth at webkit.org  2008-07-01 01:50 PDT -------
> The redirection should not be an issue as we will not be basing our
> tainting policy on the resolved url, but rather the provided one.

It seems like both URLs are important to consider.  Maybe I'm misunderstanding,
but suppose site A includes an image from itself, but the URL actually
redirects to site B.  Shouldn't that taint the canvas as cross-origin even
though the provided URL matched the original site?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list