[Webkit-unassigned] [Bug 129172] SVG Data URLs "taint" canvas as cross-origin
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 24 08:38:24 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=129172
Brooks <boydb at midnightdesign.ws> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Data URLs in UTF8-format |SVG Data URLs "taint"
|"taint" canvas as |canvas as cross-origin
|cross-origin |
--- Comment #1 from Brooks <boydb at midnightdesign.ws> 2014-02-24 08:35:32 PST ---
Correction: Data URIs in UTF8 format (data:image/svg+xml;utf8) and Base64 format (data:image/svg+xml;base64) seem to both taint the canvas; the checks to ensure an SVG source is safe seem to only check an SVG included as a remote file, and don't scan Data URI contents themselves.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list