[Webkit-unassigned] [Bug 69044] Canvas drawElement() security issues

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 27 18:12:22 PDT 2011


Benjamin Poulain <benjamin at webkit.org> changed:

           What    |Removed                     |Added
                 CC|                            |benjamin at webkit.org

--- Comment #32 from Benjamin Poulain <benjamin at webkit.org>  2011-10-27 18:12:21 PST ---
This is maybe naïve but what about a different rendering model for tainted canvas?

The tainted canvas must render the content asynchronously in another process or thread. The only guarantee we give is the content will show up at some point, and the previous content will stay on screen until the new content shows up.

If you paint canvas over canvas, they are queued in the same thread and are done in order.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list