[Webkit-unassigned] [Bug 41019] Canvas: Remember verified clean origins for drawImage()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jun 23 09:43:49 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=41019
--- Comment #5 from Andreas Kling <andreas.kling at nokia.com> 2010-06-23 09:43:49 PST ---
(In reply to comment #4)
> Are you sure? What if document.domain is set in between calls to canvas methods. That could change the tainting the rules I believe.
>From SecurityOrigin::canRequest(KURL):
// We call isSameSchemeHostPort here instead of canAccess because we want
// to ignore document.domain effects.
if (isSameSchemeHostPort(targetOrigin.get()))
return true;
This is on the path currently taken by canvas's origin check.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list