[Webkit-unassigned] [Bug 129172] SVG Data URLs "taint" canvas as cross-origin

Mon Feb 24 08:38:24 PST 2014

https://bugs.webkit.org/show_bug.cgi?id=129172

Brooks <boydb at midnightdesign.ws> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Data URLs in UTF8-format    |SVG Data URLs "taint"
                   |"taint" canvas as           |canvas as cross-origin
                   |cross-origin                |

--- Comment #1 from Brooks <boydb at midnightdesign.ws>  2014-02-24 08:35:32 PST ---
Correction: Data URIs in UTF8 format (data:image/svg+xml;utf8) and Base64 format (data:image/svg+xml;base64) seem to both taint the canvas; the checks to ensure an SVG source is safe seem to only check an SVG included as a remote file, and don't scan Data URI  contents themselves.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.