[Webkit-unassigned] [Bug 72654] Canvas's toDataURL raises SECURITY_ERR after painting a local image by local file
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 18 18:16:55 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72654
--- Comment #3 from Rafael Brandao <rafael.lobo at openbossa.org> 2011-11-18 18:16:55 PST ---
(In reply to comment #2)
> (In reply to comment #1)
> > This is the correct behavior.
> >
> > The idea behind a tainted canvas is that you can continue to draw new things on the canvas and you can display it to the user, but you can't actually read back the pixels. If you could convert it to a data URL, you would be able to read back its pixels.
> >
> > The reason we block reading back the pixels in this case is because we don't want one file URL to be able to read the contents of another file URL. That would let an email attachment you downloaded (say a resume from a job application) snoop on photos of you children in your home directory.
>
> It seems like it might be incorrect if allowUniversalAccessFromFileURLs() is true. Rafael, what browser are you running?
Hello Sam, I've managed to print the value for that option and it was false, at least for Qt port. I could also reproduce it on Google Chrome, not sure right now about the version (I could check on Monday at work). I should have tried on Firefox and Safari as well to compare behaviors, but I've forgot.
Adam Barth explained a bit more on IRC why this is correct. The function name "canRequest" should be changed to "canRead" because the problem about toDataURL is that you shouldn't provide a way to the script to read back what was painted (correct me if I'm wrong), otherwise one could expose this data illegally.
But checking this "bug" I've went into another one: https://bugs.webkit.org/show_bug.cgi?id=63506 - I'm a bit curious how Chrome does show the line number and file url when an error happens (on console log). I've tested it with webkit trunk and it wasn't working at all.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list