[Webkit-unassigned] [Bug 17150] safe <img src=data:...> should not mark <canvas> unsafe
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 1 01:50:28 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=17150
abarth at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abarth at webkit.org
------- Comment #5 from abarth at webkit.org 2008-07-01 01:50 PDT -------
> The redirection should not be an issue as we will not be basing our
> tainting policy on the resolved url, but rather the provided one.
It seems like both URLs are important to consider. Maybe I'm misunderstanding,
but suppose site A includes an image from itself, but the URL actually
redirects to site B. Shouldn't that taint the canvas as cross-origin even
though the provided URL matched the original site?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list