[Webkit-unassigned] [Bug 72654] Canvas's toDataURL raises SECURITY_ERR after painting a local image by local file
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 18 15:01:06 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72654
Sam Weinig <sam at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at webkit.org
--- Comment #2 from Sam Weinig <sam at webkit.org> 2011-11-18 15:01:05 PST ---
(In reply to comment #1)
> This is the correct behavior.
>
> The idea behind a tainted canvas is that you can continue to draw new things on the canvas and you can display it to the user, but you can't actually read back the pixels. If you could convert it to a data URL, you would be able to read back its pixels.
>
> The reason we block reading back the pixels in this case is because we don't want one file URL to be able to read the contents of another file URL. That would let an email attachment you downloaded (say a resume from a job application) snoop on photos of you children in your home directory.
It seems like it might be incorrect if allowUniversalAccessFromFileURLs() is true. Rafael, what browser are you running?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list