[Webkit-unassigned] [Bug 72654] Canvas's toDataURL raises SECURITY_ERR after painting a local image by local file
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 17 14:23:08 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72654
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #1 from Adam Barth <abarth at webkit.org> 2011-11-17 14:23:07 PST ---
This is the correct behavior.
The idea behind a tainted canvas is that you can continue to draw new things on the canvas and you can display it to the user, but you can't actually read back the pixels. If you could convert it to a data URL, you would be able to read back its pixels.
The reason we block reading back the pixels in this case is because we don't want one file URL to be able to read the contents of another file URL. That would let an email attachment you downloaded (say a resume from a job application) snoop on photos of you children in your home directory.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list